using AlpacaCore.SiteFramework.SimpleLogin.ViewModels;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Http.Authentication;
using SiteFramework.Abstractions;
using SiteFramework.Abstractions.Repositories;
using System;
using System.Security.Claims;
using System.Threading.Tasks;
using System.Collections.Generic;
using System.Linq;
namespace AlpacaCore.SiteFramework.SimpleLogin.Controllers
{
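/// <summary>
/// Handles cookie-based sign-in and sign-out for the SimpleLogin module.
/// </summary>
/// <remarks>
/// Every <c>ReturnUrl</c> value handled here comes from the request (query string or
/// posted form) and is therefore attacker-controllable. It is only followed when
/// <c>Url.IsLocalUrl</c> accepts it; anything else falls back to the site root, so the
/// sign-in and sign-out endpoints cannot be used as an open redirect.
/// </remarks>
public class LoginController : Controller
{
    // Application-relative root used whenever no safe return URL is available.
    private const string HomeUrl = "~/";

    private readonly IAccountRepository _accountRepository;
    private readonly ISiteContext _siteContext;

    /// <summary>Creates the controller with the account store and the current site context.</summary>
    /// <param name="accountRepository">Repository used to verify credentials and load roles.</param>
    /// <param name="siteContext">Context whose <c>Site</c> is passed to the role lookup.</param>
    public LoginController(IAccountRepository accountRepository, ISiteContext siteContext)
    {
        _accountRepository = accountRepository;
        _siteContext = siteContext;
    }

    /// <summary>Renders the sign-in form, carrying over any <c>ReturnUrl</c> query value.</summary>
    /// <returns>The sign-in view.</returns>
    [HttpGet]
    public IActionResult Index()
    {
        var viewModel = new SignInViewModel();
        if (Request.Query.ContainsKey("ReturnUrl"))
        {
            // Stored unvalidated on purpose: it is checked at the point of redirect,
            // because the posted form value can be tampered with anyway.
            viewModel.ReturnUrl = Request.Query["ReturnUrl"];
        }
        return View(viewModel);
    }

    /// <summary>Verifies the posted credentials and, on success, issues the auth cookie.</summary>
    /// <param name="signInViewModel">Posted sign-in form.</param>
    /// <returns>
    /// A redirect to the validated return URL (or the site root) on success; otherwise the
    /// sign-in view with the model errors.
    /// </returns>
    [HttpPost]
    [ValidateAntiForgeryToken]
    public async Task<IActionResult> Index(SignInViewModel signInViewModel)
    {
        if (ModelState.IsValid)
        {
            var account = await _accountRepository.SignInAsync(signInViewModel.UserId, signInViewModel.Password).ConfigureAwait(false);
            if (account == null)
            {
                // A null account is treated as a failed sign-in. The message deliberately
                // does not say whether the user name or the password was wrong.
                ModelState.AddModelError("", "Username or password is invalid.");
            }
            else
            {
                await SetPrincipalAsync(account, signInViewModel.RememberMe).ConfigureAwait(false);
                return RedirectToLocalOrHome(signInViewModel.ReturnUrl);
            }
        }
        return View(signInViewModel);
    }

    /// <summary>Clears the auth cookie and redirects to a validated return URL or the site root.</summary>
    /// <remarks>
    /// NOTE(review): this action carries no HTTP-method or antiforgery attribute, so it is
    /// reachable by a plain GET and a cross-site request can sign the user out. Consider
    /// restricting it to POST with <c>[ValidateAntiForgeryToken]</c> once the views post a form.
    /// </remarks>
    /// <returns>A redirect result.</returns>
    public async Task<IActionResult> SignOut()
    {
        await HttpContext.Authentication.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);

        // A missing key converts to null, which the helper maps to the site root.
        string returnUrl = Request.Query["ReturnUrl"];
        return RedirectToLocalOrHome(returnUrl);
    }

    /// <summary>
    /// Redirects to <paramref name="returnUrl"/> only when it is a local URL; otherwise to the site root.
    /// </summary>
    /// <param name="returnUrl">Untrusted, request-supplied target; may be null or empty.</param>
    /// <returns>A redirect that always stays on this site.</returns>
    private IActionResult RedirectToLocalOrHome(string returnUrl)
    {
        // IsLocalUrl rejects null/empty, absolute and protocol-relative ("//host") values.
        if (Url.IsLocalUrl(returnUrl))
        {
            return Redirect(returnUrl);
        }
        return Redirect(HomeUrl);
    }

    /// <summary>Builds the claims principal for <paramref name="account"/> and signs it in.</summary>
    /// <param name="account">Account returned by the repository sign-in call.</param>
    /// <param name="rememberMe">When true, the cookie is issued as persistent.</param>
    private async Task SetPrincipalAsync(Account account, bool rememberMe)
    {
        var claims = new List<Claim>()
        {
            new Claim(ClaimTypes.Name, account.DisplayName),
            new Claim(ClaimTypes.Sid, account.AccountId.ToString()),
            new Claim(ClaimTypes.NameIdentifier, account.AccountName),
            // NOTE(review): culture-dependent format; left unchanged because the format
            // expected by whatever reads "loginTime" is not visible here.
            new Claim("loginTime", DateTime.UtcNow.ToString())
        };

        // Roles are resolved for the current site and added as one role claim each.
        var roles = await _accountRepository.GetRolesAsync(account, _siteContext.Site).ConfigureAwait(false);
        claims.AddRange(roles.Select(q => new Claim(ClaimTypes.Role, q)));

        var loginPrincipal = new ClaimsPrincipal(new ClaimsIdentity(claims, "SimpleLoginIdentity"));
        await HttpContext.Authentication.SignInAsync(
            CookieAuthenticationDefaults.AuthenticationScheme,
            loginPrincipal,
            new AuthenticationProperties
            {
                IsPersistent = rememberMe
            });
    }
}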
}
using SiteFramework.SimpleLogin.Abstractions;
using System.Collections.Generic;
using SiteFramework.Abstractions;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.Extensions.Options;
using Microsoft.AspNetCore.Http;
namespace AlpacaCore.SiteFramework.SimpleLogin
{
/// <summary>
/// SimpleLogin module: contributes the sign-in route, registers the module's services
/// and adds cookie authentication to the request pipeline.
/// </summary>
public class SimpleLoginModule : SimpleLoginModuleBase
{
    private List<Route> _routes = new List<Route>();

    /// <summary>Registers the "login" route, which maps <c>signin/{action}</c> to the Login controller.</summary>
    public SimpleLoginModule()
    {
        var loginRoute = new Route("login", "signin/{action}", 1, new { controller = "Login", action = "Index" });
        _routes.Add(loginRoute);
    }

    /// <summary>Routes contributed by this module.</summary>
    public override IEnumerable<Route> Routes
    {
        get { return _routes; }
    }

    /// <summary>Marks the module as installed and registers its services.</summary>
    /// <param name="services">Service collection to add registrations to.</param>
    /// <param name="builder">Site builder; not used by this method.</param>
    [RegisterServices]
    public static void RegisterServices(IServiceCollection services, ISiteBuilder builder)
    {
        IsInstalled = true;

        services.AddAuthentication();
        services.AddOptions();

        services.AddSingleton<IConfigureOptions<SimpleLoginOptions>, SimpleLoginConfigureOptions>();
        services.AddSingleton<IHttpContextAccessor, HttpContextAccessor>();
        services.AddScoped<IAccountAccessor, SimpleLoginAccountAccessor>();
    }

    /// <summary>Adds cookie authentication to the pipeline using the configured cookie settings.</summary>
    /// <param name="app">Application pipeline builder.</param>
    /// <param name="options">SimpleLogin options supplying the cookie name, domain and flags.</param>
    [ConfigurePipeline]
    public static void Configure(IApplicationBuilder app, IOptions<SimpleLoginOptions> options)
    {
        var settings = options.Value;

        var cookieOptions = new CookieAuthenticationOptions
        {
            AutomaticAuthenticate = true,
            AutomaticChallenge = true,
            AuthenticationScheme = CookieAuthenticationDefaults.AuthenticationScheme,
            // Unauthenticated and access-denied requests are both sent to the sign-in page.
            LoginPath = new PathString("/signin"),
            AccessDeniedPath = new PathString("/signin"),
            CookieName = settings.CookieName,
            // The Secure and HttpOnly flags are taken from configuration as-is.
            // NOTE(review): confirm the configured values keep the auth cookie
            // HTTPS-only and HttpOnly in production.
            CookieSecure = settings.CookieSecure,
            CookieDomain = settings.CookieDomain,
            CookieHttpOnly = settings.CookieHttpOnly
        };

        app.UseCookieAuthentication(cookieOptions);
    }
}
}