//protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
        //{
        //    if (!HttpContext.Current.User.Identity.IsAuthenticated)
        //    {
        //        base.HandleUnauthorizedRequest(actionContext);
        //    }
        //    else
        //    {
        //        actionContext.Response = new HttpResponseMessage(HttpStatusCode.Unauthorized);
        //    }
        //}

        /// <summary>
        /// Checks whether the user behind the current HTTP request is allowed into the admin panel.
        /// </summary>
        /// <returns>
        /// The outcome of authorising the <c>AccessAdminPanel</c> permission for the customer whose
        /// username equals the current request's identity name.
        /// </returns>
        /// <remarks>
        /// Both services are resolved from the Autofac lifetime scope on every call; the identity is
        /// read from the ambient <c>HttpContext.Current</c>, so this is only meaningful inside a request.
        /// </remarks>
        public virtual bool HasAdminAccess()
        {
            var permissions = AutofacLifetimeScope.Resolve <IPermissionService>();
            var customers   = AutofacLifetimeScope.Resolve <ICustomerService>();

            // Look up the customer record for the identity name carried by the request
            // (presumably empty for an anonymous caller — the lookup result is passed through as-is).
            var currentCustomer = customers.GetCustomerByUsername(HttpContext.Current.User.Identity.Name);

            return permissions.Authorize(StandardPermissionProvider.AccessAdminPanel, currentCustomer);
        }
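        /// <summary>
        /// Handles the OAuth resource-owner password grant: checks the supplied credentials,
        /// migrates the current (anonymous) shopping cart to the authenticated customer, writes a
        /// login activity entry and issues the authentication ticket.
        /// </summary>
        /// <param name="context">
        /// The OWIN grant context carrying <c>UserName</c>, <c>Password</c>, <c>ClientId</c> and the
        /// per-client allowed origin stored under <c>"as:clientAllowedOrigin"</c>.
        /// </param>
        /// <remarks>
        /// Service dependencies are resolved lazily from the Autofac lifetime scope of the request,
        /// but only when the corresponding property has not already been assigned.
        /// On any credential failure the context is marked with the <c>invalid_grant</c> error and no
        /// ticket is produced.
        /// </remarks>
        public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
        {
            // CORS: echo the origin registered for this client earlier in the pipeline.
            // NOTE(review): the "*" fallback is reached for clients without a registered origin;
            // confirm that a wildcard on the token endpoint is intended.
            var allowedOrigin = context.OwinContext.Get <string>("as:clientAllowedOrigin") ?? "*";
            context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { allowedOrigin });

            CustomerRegistrationService = CustomerRegistrationService ?? AutofacLifetimeScope.Resolve <ICustomerRegistrationService>(context.OwinContext);
            CustomerService             = CustomerService ?? AutofacLifetimeScope.Resolve <ICustomerService>(context.OwinContext);

            Customer customer         = CustomerService.GetCustomerByEmail(context.UserName);
            var      validationResult = CustomerRegistrationService.ValidateCustomer(context.UserName, context.Password);

            // A missing customer record is reported exactly like a failed password check, so the
            // response does not disclose which of the two failed and no NullReferenceException can
            // escape from the cart migration / claim building below.
            if (validationResult != CustomerLoginResults.Successful || customer == null)
            {
                context.SetError("invalid_grant", "The user name or password is incorrect.");
                return;
            }

            BaseService             = BaseService ?? AutofacLifetimeScope.Resolve <IBaseService>(context.OwinContext);
            ShoppingCartService     = ShoppingCartService ?? AutofacLifetimeScope.Resolve <IShoppingCartService>(context.OwinContext);
            CustomerActivityService = CustomerActivityService ?? AutofacLifetimeScope.Resolve <ICustomerActivityService>(context.OwinContext);

            // Move the cart of the customer the request has been running as onto the
            // now-authenticated customer.
            ShoppingCartService.MigrateShoppingCart(BaseService.WorkContext.CurrentCustomer, customer, true);

            // Activity log entry for the successful login.
            CustomerActivityService.InsertActivity(customer, "PublicStore.Login", "Login");

            BaseService.Commit();

            var identity = new ClaimsIdentity(context.Options.AuthenticationType);

            // NOTE(review): all role names are packed into a single comma-joined Role claim;
            // consumers relying on one claim per role (e.g. IsInRole) will not match — confirm this is intended.
            identity.AddClaim(new Claim(ClaimTypes.Role, string.Join(",", customer.CustomerRoles.Select(r => r.Name))));
            identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
            identity.AddClaim(new Claim("sub", context.UserName));

            // Ticket properties travel with the token and are read back on refresh.
            var props = new AuthenticationProperties(new Dictionary <string, string>
            {
                { "as:client_id", context.ClientId ?? string.Empty },
                { "userName",     context.UserName }
            });

            context.Validated(new AuthenticationTicket(identity, props));
        }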