twitter login not working

test all features

send email on adding/removing external logins

server side form validation

localize account pages

add lockout per ip login fails (defence against brute force) combined with complete lockout after x times

add permanent/temp(timed) lockout

response design overflows in some places on the smaller screen settings

sort device list by date descending

add cookie detection on login to see if user has logged in before. if not try to do a geolocation call and send an email to the owner of the account that the user has been logged in from a new location

adding an external provider that doesnt exist creates the account anyway

change images to base64 to reduce amount of work needed to install login to a website

add dummy masterpages to avoid "is not a known element" errors (masterpagefile can be a relative path)

add confirm dialog when removing devices

move roles to enitity framework

remove background color on operating system images

signin in causes duplicate devices being registered

add page title in setup instead of using drinksonlinesettings

logging in on another location logs you out of the current?

logging in on another location doesnt produce a new device email

use nth style instead of a whole seperate itemtemplate

add text indicating that the user hasnt connected any services to the account on managelogins.aspx

change error messages to include the word field to indicate it is an actual field that is required

add confirm when deleting account

add AdditionalDeleteLogic method

move sign in logic and checking to seperate method so login and twofactor authendication can share it

register device when registering new account with external login

add authendicator as a 2factor option

change unlock logic to custom lockout system

send email message on password change and authenticator change

replace getuserid with AuthenticatedAccount.User.Id

send email when logging in with new device (not on user creation)

remove session from user if ip is banned from logging in

add check if user has active session on doconfirmcheck

register closures

what should happen if a users adds an external account that has already been registered

encrypt authenticator secret

when checking for device id check if device is the same apart from the id and accept the device and resave the device id in cookie

add a show all button and only show the first 10 devices on the device page

delete devices older than one year (same as device cookie expire date)

rearrange text and add a header (device settings) on device pages

change external login text on login page

confirming an email change results in error on the original session if you are confirming the email in another session

redirect to login after confirming email or to settings page if the user is already logged in

move identityconfig email to accountsetup

add info to appending email field in settings

add message in emails that the links are a onetime use and failed links should be resent

go through all page code files and check that all using references to drinks-online has been removed

check if update security stamp is present when the user is changing password, email or 2step verification

Send email notification on device settings email change

Add field for pending email

remove device id cookie, it is not needed

move external client and secret from startup.auth to setup

add option to enable/disable security update notification emails

change checkboxes on account create and activate/deactivate buttons to a slider checkbox like the consent ui uses

Add static class for confirm identity commands