diff --git a/services/iam-service-net/src/IamService.API/Controllers/AuthController.cs b/services/iam-service-net/src/IamService.API/Controllers/AuthController.cs
index 40526306..911d2197 100644
--- a/services/iam-service-net/src/IamService.API/Controllers/AuthController.cs
+++ b/services/iam-service-net/src/IamService.API/Controllers/AuthController.cs
@@ -77,74 +77,6 @@ public class AuthController : ControllerBase
 return CreatedAtAction(nameof(Register), new { id = result.UserId }, ApiResponse.Ok(result));
 }
- ///
- /// EN: Login with email and password (Resource Owner Password Grant).
- /// VI: Đăng nhập với email và password (Resource Owner Password Grant).
- ///
- /// Login credentials
- /// Cancellation token
- /// Login result with token info
- [HttpPost("login")]
- [SwaggerOperation(
- Summary = "Login with credentials",
- Description = "Authenticates a user with email and password. For full OAuth2 flow, use /connect/token endpoint.",
- OperationId = "Login")]
- [SwaggerResponse(StatusCodes.Status200OK, "Login successful")]
- [SwaggerResponse(StatusCodes.Status400BadRequest, "Invalid credentials")]
- [SwaggerResponse(StatusCodes.Status403Forbidden, "Account locked")]
- [ProducesResponseType(typeof(ApiResponse), StatusCodes.Status200OK)]
- [ProducesResponseType(StatusCodes.Status400BadRequest)]
- [ProducesResponseType(StatusCodes.Status403Forbidden)]
- public async Task Login(
- [FromBody, SwaggerRequestBody("Login credentials", Required = true)] LoginRequest request,
- CancellationToken cancellationToken)
- {
- var user = await _userManager.FindByEmailAsync(request.Email);
- if (user == null)
- {
- _logger.LogWarning("Login failed: user not found for {Email}", request.Email);
- return BadRequest(ApiResponse.Fail("INVALID_CREDENTIALS", "Invalid email or password."));
- }
-
- // EN: Check password
- // VI: Kiểm tra password
- var result = await _signInManager.CheckPasswordSignInAsync(user, request.Password, lockoutOnFailure: true);
-
- if (result.IsLockedOut)
- {
- _logger.LogWarning("Login failed: user {UserId} is locked out", user.Id);
- await _events.RaiseAsync(new UserLoginFailureEvent(user.Email!, "User locked out", clientId: null));
- return StatusCode(StatusCodes.Status403Forbidden,
- ApiResponse.Fail("ACCOUNT_LOCKED", "Account is locked. 
Please try again later."));
- }
-
- if (!result.Succeeded)
- {
- _logger.LogWarning("Login failed: invalid password for user {UserId}", user.Id);
- await _events.RaiseAsync(new UserLoginFailureEvent(user.Email!, "Invalid credentials", clientId: null));
- return BadRequest(ApiResponse.Fail("INVALID_CREDENTIALS", "Invalid email or password."));
- }
-
- // EN: Record login
- // VI: Ghi nhận login
- user.RecordLogin();
- await _userManager.UpdateAsync(user);
-
- await _events.RaiseAsync(new UserLoginSuccessEvent(user.Email!, user.Id.ToString(), user.FullName, clientId: null));
-
- _logger.LogInformation("User {UserId} logged in successfully", user.Id);
-
- // EN: Note: Full token response requires OAuth2 flow via /connect/token
- // VI: Lưu ý: Response token đầy đủ yêu cầu OAuth2 flow qua /connect/token
- return Ok(ApiResponse.Ok(new LoginResponse
- {
- Success = true,
- Message = "Login successful. Use /connect/token with grant_type=password for access tokens.",
- UserId = user.Id,
- Email = user.Email!,
- FullName = user.FullName
- }));
- }
 ///
 /// EN: Change user password.
@@ -547,64 +479,6 @@ public class AuthController : ControllerBase
 #region Request/Response Models
-///
-/// EN: Login request body.
-/// VI: Request body đăng nhập.
-///
-public class LoginRequest
-{
- ///
- /// EN: User email.
- /// VI: Email người dùng.
- ///
- /// user@example.com
- public string Email { get; set; } = string.Empty;
-
- ///
- /// EN: User password.
- /// VI: Mật khẩu người dùng.
- ///
- /// Password123!
- public string Password { get; set; } = string.Empty;
-}
-
-///
-/// EN: Login response.
-/// VI: Response đăng nhập.
-///
-public class LoginResponse
-{
- ///
- /// EN: Whether the login was successful.
- /// VI: Đăng nhập có thành công không.
- ///
- public bool Success { get; set; }
-
- ///
- /// EN: Result message.
- /// VI: Thông điệp kết quả.
- ///
- public string Message { get; set; } = string.Empty;
-
- ///
- /// EN: User ID.
- /// VI: ID người dùng.
- ///
- public Guid UserId { get; set; }
-
- ///
- /// EN: User email.
- /// VI: Email người dùng.
- ///
- public string Email { get; set; } = string.Empty;
-
- ///
- /// EN: User full name.
- /// VI: Tên đầy đủ người dùng.
- ///
- public string FullName { get; set; } = string.Empty;
-}
-
 ///
 /// EN: Request body for changing password.
 /// VI: Request body để đổi mật khẩu.