public static IEnumerable <UserPoco> GetUsers()
{
return(new List <UserPoco>
{
new UserPoco {
SubjectId = "1",
Username = "******",
Password = PasswordGenerator.CreateNew("password", "1111"),
Salt = "1111",
Email = "*****@*****.**",
GivenName = "Bob",
FamilyName = "the Builder",
IsActive = true,
ProviderName = "",
ProviderSubjectId = "",
Role = "admin",
AllowedClients = "Client1;Client2",
DateCreated = new DateTime().Date,
DateUpdated = new DateTime().Date,
CreatedBy = "test",
UpdatedBy = "test"
},
new UserPoco {
SubjectId = "2",
Username = "******",
Password = PasswordGenerator.CreateNew("password", "5555"),
Salt = "5555",
Email = "*****@*****.**",
GivenName = "Alice",
FamilyName = "Wonderland",
IsActive = true,
ProviderName = "",
ProviderSubjectId = "",
Role = "employee",
AllowedClients = "Client1;Client3",
DateCreated = new DateTime().Date,
DateUpdated = new DateTime().Date,
CreatedBy = "test",
UpdatedBy = "test"
},
new UserPoco {
SubjectId = "3",
Username = "******",
Password = PasswordGenerator.CreateNew("password", "6666"),
Salt = "6666",
Email = "*****@*****.**",
GivenName = "George",
FamilyName = "Jonhson",
IsActive = true,
ProviderName = "",
ProviderSubjectId = "",
Role = "customer",
AllowedClients = "Client1;Client2;Client3",
DateCreated = new DateTime().Date,
DateUpdated = new DateTime().Date,
CreatedBy = "test",
UpdatedBy = "test"
}
});
}
//this is used to validate your user account with provided grant at /connect/token
public async Task ValidateAsync(ResourceOwnerPasswordValidationContext context)
{
try
{
//get your user model from db (by username - in my case its email)
var user = _userStore.GetUser(context.UserName);
if (user != null)
{
// check if this user can access this client.
if (!String.IsNullOrEmpty(user.AllowedClients))
{
string[] AllowedClients = user.AllowedClients.Split(";");
var cN = AllowedClients.FirstOrDefault(c => c == context.Request.Client.ClientId);
if (cN.Length == 0)
{
context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, "User is denied Client Access for Client: " + context.Request.Client.ClientId);
return;
}
}
else
{
context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, "User is denied Client Access for Client: " + context.Request.Client.ClientId);
return;
}
//check if password match
if (user.Password == PasswordGenerator.CreateNew(context.Password, user.Salt))
{
//set the result
context.Result = new GrantValidationResult(
subject: user.SubjectId.ToString(),
authenticationMethod: "custom",
claims: user.Claims
);
return;
}
context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, "Incorrect password");
return;
}
context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, "User does not exist.");
return;
}
catch (Exception ex)
{
context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, "Invalid username or password");
return; //i added this
}
}
