public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context) { context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new [] { "*" }); UserData _repo = new UserData(); User user = await _repo.GetUser(context.UserName); bool isError = true; if (user != null) { if (_cryptoService.CheckPassword(context.Password, user.Password)) { isError = false; } } if (isError) { context.SetError("invalid grant", "The user name or password is incorrect."); return; } var identity = new ClaimsIdentity(context.Options.AuthenticationType); if (context.UserName.Contains("3")) { identity.AddClaim(new Claim(ClaimTypes.Role, "User")); } else { identity.AddClaim(new Claim(ClaimTypes.Role, "Admin")); } context.Validated(identity); }