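// http://bitoftech.net/2014/06/01/token-based-authentication-asp-net-web-api-2-owin-asp-net-identity/
/// <summary>
/// Handles the OAuth resource-owner password grant: looks the user up by name, checks the
/// submitted password against the stored hash and, on success, validates the request with a
/// bearer-token ticket and additionally signs in a cookie identity.
/// </summary>
/// <param name="context">Grant context carrying the submitted user name and password.</param>
/// <returns>A task that completes once the request has been validated or rejected.</returns>
/// <remarks>
/// An unknown user name and a wrong password are rejected with the same <c>invalid_grant</c>
/// error and message, so the response body does not reveal which accounts exist.
/// NOTE(review): the unknown-user path skips the hashing step, so response timing may still
/// differ between the two cases. Nothing in this method limits repeated failed attempts;
/// confirm that lockout or throttling is enforced elsewhere.
/// </remarks>
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
    if (m_UserManager == null)
    {
        // Nothing can be verified without a user manager. As in the original, the context is
        // left neither validated nor rejected here.
        // NOTE(review): presumably the middleware treats that as a failed grant; confirm.
        return;
    }

    CustomUser user = await m_UserManager.FindByNameAsync(context.UserName);

    // The lookup can come back empty (the original's own null check implies it), but the
    // original read user.PasswordHash before that check and would throw for an unknown name.
    bool credentialsValid = false;
    if (user != null)
    {
        // NOTE(review): the strength of this check depends on CustomPasswordHasher (salting,
        // work factor), which is not visible here.
        string hashedPassword = CustomPasswordHasher.GetPasswordAfterHashing(context.Password, user);
        credentialsValid = PasswordHashesMatch(user.PasswordHash, hashedPassword);
    }

    if (!credentialsValid)
    {
        context.SetError("invalid_grant", "The user name or password is incorrect.");
        return;
    }

    // Identity and properties that go into the bearer-token ticket.
    ClaimsIdentity oAuthIdentity = await user.GenerateUserIdentityAsync(m_UserManager, OAuthDefaults.AuthenticationType);
    AuthenticationProperties properties = CreateProperties(user.UserName);
    AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, properties);
    context.Validated(ticket);

    // Builds a second identity for the cookie authentication type and signs it in on the same
    // request, so a successful token request also establishes a cookie sign-in.
    // NOTE(review): if this API is meant to be bearer-token only, this adds a cookie-authenticated
    // surface that needs CSRF protection; confirm it is intended.
    ClaimsIdentity cookiesIdentity = await user.GenerateUserIdentityAsync(m_UserManager, CookieAuthenticationDefaults.AuthenticationType);
    context.Request.Context.Authentication.SignIn(cookiesIdentity);
}

/// <summary>
/// Ordinal comparison of two password hashes that does not stop at the first differing
/// character, so the time taken does not depend on how much of the hash matched.
/// </summary>
/// <param name="storedHash">Hash stored for the account.</param>
/// <param name="candidateHash">Hash computed from the submitted password.</param>
/// <returns>
/// <c>true</c> only when both values are non-null and identical. A missing hash never matches,
/// so an account without a stored password hash cannot be authenticated through this grant.
/// </returns>
private static bool PasswordHashesMatch(string storedHash, string candidateHash)
{
    if (storedHash == null || candidateHash == null)
    {
        return false;
    }

    // Fold the length difference into the accumulator rather than returning early on it.
    int difference = storedHash.Length ^ candidateHash.Length;
    int sharedLength = storedHash.Length < candidateHash.Length ? storedHash.Length : candidateHash.Length;
    for (int i = 0; i < sharedLength; i++)
    {
        difference |= storedHash[i] ^ candidateHash[i];
    }

    return difference == 0;
}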