/// <summary> /// Called when a request to the Token endpoint arrives with a "grant_type" of "password". This occurs when the user has provided name and password /// credentials directly into the client application's user interface, and the client application is using those to acquire an "access_token" and /// optional "refresh_token". If the web application supports the /// resource owner credentials grant type it must validate the context.Username and context.Password as appropriate. To issue an /// access token the context.Validated must be called with a new ticket containing the claims about the resource owner which should be associated /// with the access token. The application should take appropriate measures to ensure that the endpoint isn’t abused by malicious callers. /// The default behavior is to reject this grant type. /// See also http://tools.ietf.org/html/rfc6749#section-4.3.2 /// </summary> /// <param name="context">The context of the event carries information in and results out.</param> /// <returns>Task to enable asynchronous execution</returns> public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context) { Logger.log.Debug("Loggin in in AuthorizationServerProvider"); context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" }); var dto = new AccountDTO() { UserName = context.UserName, Password = context.Password, ConfirmPassword = context.Password }; OperationResultDTO result = null; using (var client = SoapProvider.GetUserServiceClient()) { result = client.CheckCredentials(dto); } if (!result.Result) { Logger.log.Error("The user name of password is incorrect"); context.SetError("invalid_grant", "The user name or password is incorrect."); return; } var identity = ConfigureClaims(context, dto); context.Validated(identity); }
/// <summary> /// Configures the claims. /// </summary> /// <param name="context">The context.</param> /// <param name="dto">The dto.</param> /// <returns>ClaimsIdentity.</returns> private ClaimsIdentity ConfigureClaims(OAuthGrantResourceOwnerCredentialsContext context, AccountDTO dto) { var identity = new ClaimsIdentity(context.Options.AuthenticationType); using (var client = SoapProvider.GetUserServiceClient()) { var user = client.FindUserByCredentials(dto); int createdChatId = 0; using (var botClient = SoapProvider.GetBotServiceClient()) { createdChatId = (int)botClient.AttachBotToUser(user.Id).Info; } identity.AddClaim(new Claim("sub", context.UserName)); identity.AddClaim(new Claim("Id", user.Id.ToString(), ClaimValueTypes.Integer)); identity.AddClaim(new Claim("BotId", createdChatId.ToString(), ClaimValueTypes.Integer)); identity.AddClaim(new Claim("role", "user")); } return(identity); }