dotnet
diff --git a/‎src/Identity/Core/src/Microsoft.AspNetCore.Identity.csproj‎
Lines changed: 2 additions & 1 deletion b/‎src/Identity/Core/src/Microsoft.AspNetCore.Identity.csproj‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎src/Identity/Core/src/SignInManager.cs‎
Lines changed: 149 additions & 19 deletions b/‎src/Identity/Core/src/SignInManager.cs‎
Lines changed: 149 additions & 19 deletions
@@ -13,7 +13,8 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <Compile Include="$(SharedSourceRoot)DefaultMessageEmailSender.cs" />
+    <Compile Include="$(SharedSourceRoot)DefaultMessageEmailSender.cs" LinkBase="Shared" />
+    <Compile Include="$(SharedSourceRoot)Metrics\MetricsConstants.cs" LinkBase="Shared" />
   </ItemGroup>
 
   <ItemGroup>
 
@@ -7,6 +7,7 @@
 using System.Text;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Http;
+using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 
@@ -24,6 +25,7 @@ public class SignInManager<TUser> where TUser : class
     private readonly IHttpContextAccessor _contextAccessor;
     private readonly IAuthenticationSchemeProvider _schemes;
     private readonly IUserConfirmation<TUser> _confirmation;
+    private readonly SignInManagerMetrics? _metrics;
     private HttpContext? _context;
     private TwoFactorAuthenticationInfo? _twoFactorInfo;
 
@@ -56,6 +58,7 @@ public SignInManager(UserManager<TUser> userManager,
         Logger = logger;
         _schemes = schemes;
         _confirmation = confirmation;
+        _metrics = userManager.ServiceProvider?.GetService<SignInManagerMetrics>();
     }
 
     /// <summary>
@@ -160,25 +163,39 @@ public virtual async Task<bool> CanSignInAsync(TUser user)
     /// <param name="user">The user to sign-in.</param>
     /// <returns>The task object representing the asynchronous operation.</returns>
     public virtual async Task RefreshSignInAsync(TUser user)
+    {
+        try
+        {
+            var (success, isPersistent) = await RefreshSignInCoreAsync(user);
+            _metrics?.RefreshSignIn(typeof(TUser).FullName!, AuthenticationScheme, success, isPersistent);
+        }
+        catch (Exception ex)
+        {
+            _metrics?.RefreshSignIn(typeof(TUser).FullName!, AuthenticationScheme, success: null, isPersistent: null, ex);
+            throw;
+        }
+    }
+
+    private async Task<(bool success, bool? isPersistent)> RefreshSignInCoreAsync(TUser user)
     {
         var auth = await Context.AuthenticateAsync(AuthenticationScheme);
         if (!auth.Succeeded || auth.Principal?.Identity?.IsAuthenticated != true)
         {
             Logger.LogError("RefreshSignInAsync prevented because the user is not currently authenticated. Use SignInAsync instead for initial sign in.");
-            return;
+            return (false, auth.Properties?.IsPersistent);
         }
 
         var authenticatedUserId = UserManager.GetUserId(auth.Principal);
         var newUserId = await UserManager.GetUserIdAsync(user);
         if (authenticatedUserId == null || authenticatedUserId != newUserId)
         {
             Logger.LogError("RefreshSignInAsync prevented because currently authenticated user has a different UserId. Use SignInAsync instead to change users.");
-            return;
+            return (false, auth.Properties?.IsPersistent);
         }
 
         IList<Claim> claims = Array.Empty<Claim>();
-        var authenticationMethod = auth?.Principal?.FindFirst(ClaimTypes.AuthenticationMethod);
-        var amr = auth?.Principal?.FindFirst("amr");
+        var authenticationMethod = auth.Principal?.FindFirst(ClaimTypes.AuthenticationMethod);
+        var amr = auth.Principal?.FindFirst("amr");
 
         if (authenticationMethod != null || amr != null)
         {
@@ -193,7 +210,8 @@ public virtual async Task RefreshSignInAsync(TUser user)
             }
         }
 
-        await SignInWithClaimsAsync(user, auth?.Properties, claims);
+        await SignInWithClaimsAsync(user, auth.Properties, claims);
+        return (true, auth.Properties?.IsPersistent ?? false);
     }
 
     /// <summary>
@@ -345,12 +363,23 @@ public virtual async Task<bool> ValidateSecurityStampAsync(TUser? user, string?
     public virtual async Task<SignInResult> PasswordSignInAsync(TUser user, string password,
         bool isPersistent, bool lockoutOnFailure)
     {
-        ArgumentNullException.ThrowIfNull(user);
+        try
+        {
+            ArgumentNullException.ThrowIfNull(user);
+
+            var attempt = await CheckPasswordSignInAsync(user, password, lockoutOnFailure);
+            var result = attempt.Succeeded
+                ? await SignInOrTwoFactorAsync(user, isPersistent)
+                : attempt;
+            _metrics?.SignIn(typeof(TUser).FullName!, AuthenticationScheme, result, SignInType.Password, isPersistent);
 
-        var attempt = await CheckPasswordSignInAsync(user, password, lockoutOnFailure);
-        return attempt.Succeeded
-            ? await SignInOrTwoFactorAsync(user, isPersistent)
-            : attempt;
+            return result;
+        }
+        catch (Exception ex)
+        {
+            _metrics?.SignIn(typeof(TUser).FullName!, AuthenticationScheme, result: null, SignInType.Password, isPersistent, ex);
+            throw;
+        }
     }
 
     /// <summary>
@@ -369,6 +398,7 @@ public virtual async Task<SignInResult> PasswordSignInAsync(string userName, str
         var user = await UserManager.FindByNameAsync(userName);
         if (user == null)
         {
+            _metrics?.SignIn(typeof(TUser).FullName!, AuthenticationScheme, SignInResult.Failed, SignInType.Password, isPersistent);
             return SignInResult.Failed;
         }
 
@@ -386,8 +416,24 @@ public virtual async Task<SignInResult> PasswordSignInAsync(string userName, str
     /// <returns></returns>
     public virtual async Task<SignInResult> CheckPasswordSignInAsync(TUser user, string password, bool lockoutOnFailure)
     {
-        ArgumentNullException.ThrowIfNull(user);
+        try
+        {
+            ArgumentNullException.ThrowIfNull(user);
+
+            var result = await CheckPasswordSignInCoreAsync(user, password, lockoutOnFailure);
+            _metrics?.CheckPasswordSignIn(typeof(TUser).FullName!, result);
+
+            return result;
+        }
+        catch (Exception ex)
+        {
+            _metrics?.CheckPasswordSignIn(typeof(TUser).FullName!, result: null, ex);
+            throw;
+        }
+    }
 
+    private async Task<SignInResult> CheckPasswordSignInCoreAsync(TUser user, string password, bool lockoutOnFailure)
+    {
         var error = await PreSignInCheck(user);
         if (error != null)
         {
@@ -461,19 +507,37 @@ public virtual async Task<bool> IsTwoFactorClientRememberedAsync(TUser user)
     /// <returns>The task object representing the asynchronous operation.</returns>
     public virtual async Task RememberTwoFactorClientAsync(TUser user)
     {
-        var principal = await StoreRememberClient(user);
-        await Context.SignInAsync(IdentityConstants.TwoFactorRememberMeScheme,
-            principal,
-            new AuthenticationProperties { IsPersistent = true });
+        try
+        {
+            var principal = await StoreRememberClient(user);
+            await Context.SignInAsync(IdentityConstants.TwoFactorRememberMeScheme,
+                principal,
+                new AuthenticationProperties { IsPersistent = true });
+            _metrics?.RememberTwoFactorClient(typeof(TUser).FullName!, IdentityConstants.TwoFactorRememberMeScheme);
+        }
+        catch (Exception ex)
+        {
+            _metrics?.RememberTwoFactorClient(typeof(TUser).FullName!, IdentityConstants.TwoFactorRememberMeScheme, ex);
+            throw;
+        }
     }
 
     /// <summary>
     /// Clears the "Remember this browser flag" from the current browser, as an asynchronous operation.
     /// </summary>
     /// <returns>The task object representing the asynchronous operation.</returns>
-    public virtual Task ForgetTwoFactorClientAsync()
+    public virtual async Task ForgetTwoFactorClientAsync()
     {
-        return Context.SignOutAsync(IdentityConstants.TwoFactorRememberMeScheme);
+        try
+        {
+            await Context.SignOutAsync(IdentityConstants.TwoFactorRememberMeScheme);
+            _metrics?.ForgetTwoFactorClient(typeof(TUser).FullName!, IdentityConstants.TwoFactorRememberMeScheme);
+        }
+        catch (Exception ex)
+        {
+            _metrics?.ForgetTwoFactorClient(typeof(TUser).FullName!, IdentityConstants.TwoFactorRememberMeScheme, ex);
+            throw;
+        }
     }
 
     /// <summary>
@@ -482,6 +546,22 @@ public virtual Task ForgetTwoFactorClientAsync()
     /// <param name="recoveryCode">The two factor recovery code.</param>
     /// <returns></returns>
     public virtual async Task<SignInResult> TwoFactorRecoveryCodeSignInAsync(string recoveryCode)
+    {
+        try
+        {
+            var result = await TwoFactorRecoveryCodeSignInCoreAsync(recoveryCode);
+            _metrics?.SignIn(typeof(TUser).FullName!, AuthenticationScheme, result, SignInType.TwoFactorRecoveryCode, isPersistent: false);
+
+            return result;
+        }
+        catch (Exception ex)
+        {
+            _metrics?.SignIn(typeof(TUser).FullName!, AuthenticationScheme, result: null, SignInType.TwoFactorRecoveryCode, isPersistent: false, ex);
+            throw;
+        }
+    }
+
+    private async Task<SignInResult> TwoFactorRecoveryCodeSignInCoreAsync(string recoveryCode)
     {
         var twoFactorInfo = await RetrieveTwoFactorInfoAsync();
         if (twoFactorInfo == null)
@@ -510,8 +590,10 @@ private async Task<SignInResult> DoTwoFactorSignInAsync(TUser user, TwoFactorAut
             return SignInResult.Failed;
         }
 
-        var claims = new List<Claim>();
-        claims.Add(new Claim("amr", "mfa"));
+        var claims = new List<Claim>
+        {
+            new Claim("amr", "mfa")
+        };
 
         if (twoFactorInfo.LoginProvider != null)
         {
@@ -545,6 +627,22 @@ private async Task<SignInResult> DoTwoFactorSignInAsync(TUser user, TwoFactorAut
     /// <returns>The task object representing the asynchronous operation containing the <see name="SignInResult"/>
     /// for the sign-in attempt.</returns>
     public virtual async Task<SignInResult> TwoFactorAuthenticatorSignInAsync(string code, bool isPersistent, bool rememberClient)
+    {
+        try
+        {
+            var result = await TwoFactorAuthenticatorSignInCoreAsync(code, isPersistent, rememberClient);
+            _metrics?.SignIn(typeof(TUser).FullName!, AuthenticationScheme, result, SignInType.TwoFactorAuthenticator, isPersistent);
+
+            return result;
+        }
+        catch (Exception ex)
+        {
+            _metrics?.SignIn(typeof(TUser).FullName!, AuthenticationScheme, result: null, SignInType.TwoFactorAuthenticator, isPersistent, ex);
+            throw;
+        }
+    }
+
+    private async Task<SignInResult> TwoFactorAuthenticatorSignInCoreAsync(string code, bool isPersistent, bool rememberClient)
     {
         var twoFactorInfo = await RetrieveTwoFactorInfoAsync();
         if (twoFactorInfo == null)
@@ -593,6 +691,22 @@ public virtual async Task<SignInResult> TwoFactorAuthenticatorSignInAsync(string
     /// <returns>The task object representing the asynchronous operation containing the <see name="SignInResult"/>
     /// for the sign-in attempt.</returns>
     public virtual async Task<SignInResult> TwoFactorSignInAsync(string provider, string code, bool isPersistent, bool rememberClient)
+    {
+        try
+        {
+            var result = await TwoFactorSignInCoreAsync(provider, code, isPersistent, rememberClient);
+            _metrics?.SignIn(typeof(TUser).FullName!, AuthenticationScheme, result, SignInType.TwoFactor, isPersistent);
+
+            return result;
+        }
+        catch (Exception ex)
+        {
+            _metrics?.SignIn(typeof(TUser).FullName!, AuthenticationScheme, result: null, SignInType.TwoFactor, isPersistent, ex);
+            throw;
+        }
+    }
+
+    private async Task<SignInResult> TwoFactorSignInCoreAsync(string provider, string code, bool isPersistent, bool rememberClient)
     {
         var twoFactorInfo = await RetrieveTwoFactorInfoAsync();
         if (twoFactorInfo == null)
@@ -666,6 +780,22 @@ public virtual Task<SignInResult> ExternalLoginSignInAsync(string loginProvider,
     /// <returns>The task object representing the asynchronous operation containing the <see name="SignInResult"/>
     /// for the sign-in attempt.</returns>
     public virtual async Task<SignInResult> ExternalLoginSignInAsync(string loginProvider, string providerKey, bool isPersistent, bool bypassTwoFactor)
+    {
+        try
+        {
+            var result = await ExternalLoginSignInCoreAsync(loginProvider, providerKey, isPersistent, bypassTwoFactor);
+            _metrics?.SignIn(typeof(TUser).FullName!, AuthenticationScheme, result, SignInType.External, isPersistent);
+
+            return result;
+        }
+        catch (Exception ex)
+        {
+            _metrics?.SignIn(typeof(TUser).FullName!, AuthenticationScheme, result: null, SignInType.External, isPersistent, ex);
+            throw;
+        }
+    }
+
+    private async Task<SignInResult> ExternalLoginSignInCoreAsync(string loginProvider, string providerKey, bool isPersistent, bool bypassTwoFactor)
     {
         var user = await UserManager.FindByLoginAsync(loginProvider, providerKey);
         if (user == null)