Example #1
            //http://bitoftech.net/2014/06/01/token-based-authentication-asp-net-web-api-2-owin-asp-net-identity/
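            /// <summary>
            /// Handles the OAuth2 resource owner password credentials grant: looks the
            /// user up by name, verifies the supplied password against the stored hash
            /// and, on success, validates the context with an authentication ticket.
            /// </summary>
            /// <param name="context">
            /// Grant context carrying the user name and password sent by the client.
            /// On failure it is marked with the <c>invalid_grant</c> error.
            /// </param>
            /// <returns>A task that completes once the context has been validated or rejected.</returns>
            public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
            {
                if (m_UserManager == null)
                {
                    // No user store available: the context is left neither validated nor
                    // rejected here, exactly as before.
                    // NOTE(review): confirm the hosting middleware treats this as a denial.
                    return;
                }

                CustomUser user = await m_UserManager.FindByNameAsync(context.UserName);

                // An unknown user name yields a null user. The password check must not
                // dereference it; the request falls through to the same generic error as
                // a wrong password so the response does not reveal which field was wrong.
                bool passwordMatches = false;
                if (user != null && user.PasswordHash != null)
                {
                    string hashedPassword = CustomPasswordHasher.GetPasswordAfterHashing(context.Password, user);

                    // Ordinal comparison without an early exit: every character is examined
                    // so the time taken does not depend on where the first mismatch is.
                    // A missing hash on either side is always a failure (two nulls must
                    // never count as a match).
                    if (hashedPassword != null && hashedPassword.Length == user.PasswordHash.Length)
                    {
                        int difference = 0;
                        for (int i = 0; i < hashedPassword.Length; i++)
                        {
                            difference |= hashedPassword[i] ^ user.PasswordHash[i];
                        }

                        passwordMatches = difference == 0;
                    }
                }

                // NOTE(review): hashing is skipped for unknown users, so response time can
                // still differ between "no such user" and "wrong password"; consider
                // rate limiting or lockout on this endpoint.
                if (!passwordMatches)
                {
                    context.SetError("invalid_grant", "The user name or password is incorrect.");
                    return;
                }

                ClaimsIdentity oAuthIdentity = await user.GenerateUserIdentityAsync(m_UserManager, OAuthDefaults.AuthenticationType);

                AuthenticationProperties properties = CreateProperties(user.UserName);
                AuthenticationTicket     ticket     = new AuthenticationTicket(oAuthIdentity, properties);
                context.Validated(ticket);

                // This signs the same user in under the cookie authentication type in
                // addition to the bearer ticket validated above.
                // NOTE(review): if cookie middleware is registered this presumably issues a
                // session cookie from the token endpoint; confirm that is wanted, since
                // cookie-authenticated API calls need CSRF protection that bearer tokens do not.
                ClaimsIdentity cookiesIdentity = await user.GenerateUserIdentityAsync(m_UserManager, CookieAuthenticationDefaults.AuthenticationType);

                context.Request.Context.Authentication.SignIn(cookiesIdentity);
            }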