I appreciate that this is unlikely to be used as is for real world applications, but shouldn’t this generate a more generic “incorrect username or password” error if either is invalid?
Hi, I think for illustration and basic usage the standard class is pretty much okay. If you want that additional security, simply create your prefered version of the UserIdentity class (maybe with constant ERROR_CREDENTIALS_INVALID).