public async override Task GrantResourceOwnerCredentials(GrantResourceOwnerCredentialsContext context)
{
var userManager = context
.HttpContext
.RequestServices
.GetRequiredService<UserManager<ApplicationUser>>();
var user = await userManager.FindByNameAsync(context.UserName);
if (!await userManager.CheckPasswordAsync(user, context.Password))
{
context.Rejected(OpenIdConnectConstants.Errors.InvalidGrant, "Invalid username or password");
return;
}
var identity = new ClaimsIdentity(OpenIdConnectServerDefaults.AuthenticationScheme);
// this automatically goes into the token and id_token
identity.AddClaim(ClaimTypes.NameIdentifier, user.UserName);
// the other claims require explicit destinations
identity.AddClaim(ClaimTypes.Name, user.FirstName, "token id_token");
identity.AddClaim(ClaimTypes.Surname, user.LastName, "token id_token");
var principal = new ClaimsPrincipal(identity);
context.Validated(principal);
}
/// <summary>
/// Validates the userName and password provided by the user.
/// </summary>
public override async Task GrantResourceOwnerCredentials(GrantResourceOwnerCredentialsContext context)
{
var query = new UserNamePasswordLogin(context.UserName, context.Password);
var result = await ExecuteMessage(context, query);
if (!result.Succeeded)
{
context.Rejected("invalid_grant", "The user name or password is incorrect.");
return;
}
SetCorsHeader(context);
var ticket = CreateAuthenticationTicket(result, context);
context.Validated(ticket);
}
public override Task GrantResourceOwnerCredentials(GrantResourceOwnerCredentialsContext context) {
var user = new { Id = "users-123", UserName = "******", Password = "******" };
if (context.UserName != user.UserName || context.Password != user.Password) {
context.Rejected("Invalid username or password.");
return Task.FromResult(0);
}
var identity = new ClaimsIdentity(OpenIdConnectDefaults.AuthenticationScheme);
identity.AddClaim(ClaimTypes.NameIdentifier, user.Id, "id_token token");
identity.AddClaim(ClaimTypes.Name, user.UserName, "id_token token");
context.Validated(new ClaimsPrincipal(identity));
return Task.FromResult(0);
}
public override Task GrantResourceOwnerCredentials(GrantResourceOwnerCredentialsContext context)
{
var user = new { Id = "users-123", UserName = "******", Password = "******" };
if (context.UserName != user.UserName || context.Password != user.Password)
{
context.Rejected("Invalid username or password.");
return(Task.FromResult(0));
}
var identity = new ClaimsIdentity(OpenIdConnectDefaults.AuthenticationScheme);
identity.AddClaim(ClaimTypes.NameIdentifier, user.Id, "id_token token");
identity.AddClaim(ClaimTypes.Name, user.UserName, "id_token token");
context.Validated(new ClaimsPrincipal(identity));
return(Task.FromResult(0));
}
public override async Task GrantResourceOwnerCredentials(GrantResourceOwnerCredentialsContext context)
{
// Don't inject the UserManager to avoid save a reference for the application lifetime
// Internally manages an EF DbContext
var userManager = context.HttpContext.RequestServices.GetRequiredService <UserManager <ApplicationUser> >();
bool isValidUser = false;
var user = await userManager.FindByNameAsync(context.UserName);
if (user != null)
{
isValidUser = await userManager.CheckPasswordAsync(user, context.Password);
}
if (isValidUser)
{
var claims = new List <Claim>
{
new Claim(ClaimTypes.NameIdentifier, user.UserName),
new Claim(ClaimTypes.Email, user.Email),
new Claim(ClaimTypes.GivenName, user.FullName),
};
claims.AddRange(context.Scope.Select(scope => new Claim("scope", scope)));
var claimsPrincipal = new ClaimsPrincipal(
new ClaimsIdentity(claims, OpenIdConnectServerDefaults.AuthenticationScheme));
var ticket = new AuthenticationTicket(
claimsPrincipal,
new AuthenticationProperties(),
OpenIdConnectServerDefaults.AuthenticationScheme);
context.Validated(ticket);
}
else
{
context.Rejected();
}
}
public override Task GrantResourceOwnerCredentials(GrantResourceOwnerCredentialsContext context)
{
var user = us.IsValidUser(context.UserName, context.Password);
if(user!= null)
{
// Validate the credentials here (e.g using ASP.NET Identity).
// You can call Rejected() with an error code/description to reject
// the request and return a message to the caller.
VMUser vu = new VMUser(user);
var identity = new ClaimsIdentity(OpenIdConnectServerDefaults.AuthenticationScheme);
identity.AddClaim(ClaimTypes.NameIdentifier, user.username, "token id_token");
identity.AddClaim("profile", JsonConvert.SerializeObject(vu), "token id_token");
// By default, claims are not serialized in the access and identity tokens.
// Use the overload taking a "destination" to make sure your claims
// are correctly inserted in the appropriate tokens.
// identity.AddClaim("urn:customclaim", "value", "token id_token");
var ticket = new AuthenticationTicket(
new ClaimsPrincipal(identity),
new AuthenticationProperties(),
context.Options.AuthenticationScheme);
// Call SetResources with the list of resource servers
// the access token should be issued for.
ticket.SetResources(new[] { "api" });
// Call SetScopes with the list of scopes you want to grant
// (specify offline_access to issue a refresh token).
ticket.SetScopes(new[] {"api" });
context.Validated(ticket);
}
else
{
context.Rejected();
}
return Task.FromResult<object>(null);
}
