public async override Task GrantResourceOwnerCredentials(GrantResourceOwnerCredentialsContext context)
{
var userManager = context
.HttpContext
.RequestServices
.GetRequiredService<UserManager<ApplicationUser>>();
var user = await userManager.FindByNameAsync(context.UserName);
if (!await userManager.CheckPasswordAsync(user, context.Password))
{
context.Rejected(OpenIdConnectConstants.Errors.InvalidGrant, "Invalid username or password");
return;
}
var identity = new ClaimsIdentity(OpenIdConnectServerDefaults.AuthenticationScheme);
// this automatically goes into the token and id_token
identity.AddClaim(ClaimTypes.NameIdentifier, user.UserName);
// the other claims require explicit destinations
identity.AddClaim(ClaimTypes.Name, user.FirstName, "token id_token");
identity.AddClaim(ClaimTypes.Surname, user.LastName, "token id_token");
var principal = new ClaimsPrincipal(identity);
context.Validated(principal);
}
public override Task GrantResourceOwnerCredentials(
GrantResourceOwnerCredentialsContext context)
{
// Validate the credentials here (e.g using ASP.NET Identity).
// You can call Rejected() with an error code/description to reject
// the request and return a message to the caller.
var identity =
new ClaimsIdentity(OpenIdConnectServerDefaults.AuthenticationScheme);
identity.AddClaim(ClaimTypes.NameIdentifier, "todo");
// By default, claims are not serialized in the access and identity tokens.
// Use the overload taking a "destination" to make sure your claims
// are correctly inserted in the appropriate tokens.
identity.AddClaim("urn:customclaim", "value", "token id_token");
var ticket = new AuthenticationTicket(
new ClaimsPrincipal(identity),
new AuthenticationProperties(),
context.Options.AuthenticationScheme);
// Call SetResources with the list of resource servers
// the access token should be issued for.
ticket.SetResources(new[] { "resource_server_1" });
// Call SetScopes with the list of scopes you want to grant
// (specify offline_access to issue a refresh token).
ticket.SetScopes(new[] { "profile", "offline_access" });
context.Validated(ticket);
return(Task.FromResult <object>(null));
}
public override Task GrantResourceOwnerCredentials(
GrantResourceOwnerCredentialsContext context)
{
var identity =
new ClaimsIdentity(OpenIdConnectServerDefaults.AuthenticationScheme);
identity.AddClaim(ClaimTypes.NameIdentifier, "todo");
// By default, claims are not serialized in the access and identity tokens.
// Use the overload taking a "destination" to make sure your claims
// are correctly inserted in the appropriate tokens.
identity.AddClaim("urn:customclaim", "value", "token id_token");
var principal = new ClaimsPrincipal(identity);
context.Validated(principal);
return(Task.FromResult <object>(null));
}
public override Task GrantResourceOwnerCredentials(GrantResourceOwnerCredentialsContext context)
{
var user = us.IsValidUser(context.UserName, context.Password);
if(user!= null)
{
// Validate the credentials here (e.g using ASP.NET Identity).
// You can call Rejected() with an error code/description to reject
// the request and return a message to the caller.
VMUser vu = new VMUser(user);
var identity = new ClaimsIdentity(OpenIdConnectServerDefaults.AuthenticationScheme);
identity.AddClaim(ClaimTypes.NameIdentifier, user.username, "token id_token");
identity.AddClaim("profile", JsonConvert.SerializeObject(vu), "token id_token");
// By default, claims are not serialized in the access and identity tokens.
// Use the overload taking a "destination" to make sure your claims
// are correctly inserted in the appropriate tokens.
// identity.AddClaim("urn:customclaim", "value", "token id_token");
var ticket = new AuthenticationTicket(
new ClaimsPrincipal(identity),
new AuthenticationProperties(),
context.Options.AuthenticationScheme);
// Call SetResources with the list of resource servers
// the access token should be issued for.
ticket.SetResources(new[] { "api" });
// Call SetScopes with the list of scopes you want to grant
// (specify offline_access to issue a refresh token).
ticket.SetScopes(new[] {"api" });
context.Validated(ticket);
}
else
{
context.Rejected();
}
return Task.FromResult<object>(null);
}
/// <summary>
/// Validates the userName and password provided by the user.
/// </summary>
public override async Task GrantResourceOwnerCredentials(GrantResourceOwnerCredentialsContext context)
{
var query = new UserNamePasswordLogin(context.UserName, context.Password);
var result = await ExecuteMessage(context, query);
if (!result.Succeeded)
{
context.Rejected("invalid_grant", "The user name or password is incorrect.");
return;
}
SetCorsHeader(context);
var ticket = CreateAuthenticationTicket(result, context);
context.Validated(ticket);
}
public override Task GrantResourceOwnerCredentials(GrantResourceOwnerCredentialsContext context) {
var user = new { Id = "users-123", UserName = "******", Password = "******" };
if (context.UserName != user.UserName || context.Password != user.Password) {
context.Rejected("Invalid username or password.");
return Task.FromResult(0);
}
var identity = new ClaimsIdentity(OpenIdConnectDefaults.AuthenticationScheme);
identity.AddClaim(ClaimTypes.NameIdentifier, user.Id, "id_token token");
identity.AddClaim(ClaimTypes.Name, user.UserName, "id_token token");
context.Validated(new ClaimsPrincipal(identity));
return Task.FromResult(0);
}
public override Task GrantResourceOwnerCredentials(
GrantResourceOwnerCredentialsContext context)
{
// Validate the credentials here (e.g using ASP.NET Identity).
// You can call Rejected() with an error code/description to reject
// the request and return a message to the caller.
var identity =
new ClaimsIdentity(OpenIdConnectServerDefaults.AuthenticationScheme);
identity.AddClaim(ClaimTypes.NameIdentifier, "todo");
// By default, claims are not serialized in the access and identity tokens.
// Use the overload taking a "destination" to make sure your claims
// are correctly inserted in the appropriate tokens.
identity.AddClaim("urn:customclaim", "value", "token id_token");
var principal = new ClaimsPrincipal(identity);
context.Validated(principal);
return(Task.FromResult <object>(null));
}
public override async Task GrantClientCredentialsAsync(GrantResourceOwnerCredentialsContext context)
{
var form = context.Request.Form;
var clientId = form.First(c => c.Key.Equals("client_id")).Value;
if (string.IsNullOrEmpty(clientId))
{
context.SetError("ErrorCode:001 - The client_id is not set");
return;
}
var client = AppClientsStore.FindClient(clientId);
if (client == null)
{
context.SetError("ErrorCode:002 - The client_id is incorrect");
return;
}
var authVerifyCallback = await _mediator.Send(new AuthenticationUser.Query()
{
Email = context.UserName, Password = context.Password
});
if (authVerifyCallback.IsFailure)
{
context.SetError("ErrorCode:003 - Invalid user authentication");
return;
}
var user = authVerifyCallback.Success;
var claims = new List <Claim>
{
new Claim("UserId", user.Id.ToString()),
new Claim(ClaimTypes.Email, user.Email),
new Claim(ClaimTypes.Name, user.Name),
new Claim("aud", clientId),
};
context.Validated(claims);
await Task.FromResult(0);
}
public override Task GrantResourceOwnerCredentials(GrantResourceOwnerCredentialsContext context)
{
var user = new { Id = "users-123", UserName = "******", Password = "******" };
if (context.UserName != user.UserName || context.Password != user.Password)
{
context.Rejected("Invalid username or password.");
return(Task.FromResult(0));
}
var identity = new ClaimsIdentity(OpenIdConnectDefaults.AuthenticationScheme);
identity.AddClaim(ClaimTypes.NameIdentifier, user.Id, "id_token token");
identity.AddClaim(ClaimTypes.Name, user.UserName, "id_token token");
context.Validated(new ClaimsPrincipal(identity));
return(Task.FromResult(0));
}
public override async Task GrantResourceOwnerCredentials(GrantResourceOwnerCredentialsContext context)
{
// Don't inject the UserManager to avoid save a reference for the application lifetime
// Internally manages an EF DbContext
var userManager = context.HttpContext.RequestServices.GetRequiredService <UserManager <ApplicationUser> >();
bool isValidUser = false;
var user = await userManager.FindByNameAsync(context.UserName);
if (user != null)
{
isValidUser = await userManager.CheckPasswordAsync(user, context.Password);
}
if (isValidUser)
{
var claims = new List <Claim>
{
new Claim(ClaimTypes.NameIdentifier, user.UserName),
new Claim(ClaimTypes.Email, user.Email),
new Claim(ClaimTypes.GivenName, user.FullName),
};
claims.AddRange(context.Scope.Select(scope => new Claim("scope", scope)));
var claimsPrincipal = new ClaimsPrincipal(
new ClaimsIdentity(claims, OpenIdConnectServerDefaults.AuthenticationScheme));
var ticket = new AuthenticationTicket(
claimsPrincipal,
new AuthenticationProperties(),
OpenIdConnectServerDefaults.AuthenticationScheme);
context.Validated(ticket);
}
else
{
context.Rejected();
}
}
