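/// <summary>
/// Issues an OAuth bearer token for the user matched by <paramref name="identifier"/>.
/// No credential is verified inside this method: the only check is the lookup in
/// <c>AuthRepository.FinByIdentifier</c>, so anyone who can reach this action can obtain
/// a token for any known identifier. NOTE(review): confirm the action is protected
/// elsewhere (authorization attribute, route/network restriction) — that guard is not
/// visible here.
/// </summary>
/// <param name="identifier">Value handed to <c>AuthRepository.FinByIdentifier</c> to select the user.</param>
/// <returns>
/// 200 with a JSON body <c>{ "access_token", "expires_in" }</c> when both the user and its
/// user-info record exist; a bare 200 with no body otherwise. Callers must therefore
/// look for <c>access_token</c> rather than rely on the status code.
/// </returns>
public IHttpActionResult AutoLogin(string identifier)
        {
            var tokenExpiration = TimeSpan.FromDays(1);
            IdentityUser user = null;

            using (AuthRepository _repo = new AuthRepository())
            {
                user = _repo.FinByIdentifier(identifier);
            }
            if (user == null)
            {
                return Ok();
            }

            Module.Framework.DTO.UserInfoDTO dtoUserInfo = bll.GetUserInfo(user.UserName);
            if (dtoUserInfo == null)
            {
                // Without the user-info record the id claims cannot be built; answer like an
                // unknown identifier instead of failing with a NullReferenceException.
                return Ok();
            }

            ClaimsIdentity identity = new ClaimsIdentity(OAuthDefaults.AuthenticationType);
            identity.AddClaim(new Claim("sub", user.UserName));
            identity.AddClaim(new Claim("subid", dtoUserInfo.UserID.ToString()));
            identity.AddClaim(new Claim("branchid", dtoUserInfo.UserBranchID.ToString()));
            identity.AddClaim(new Claim("companyid", dtoUserInfo.UserCompanyID.ToString()));
            identity.AddClaim(new Claim("factoryid", dtoUserInfo.UserFactoryID.ToString()));
            // Every token minted here carries the fixed role "user"; no role lookup is done.
            identity.AddClaim(new Claim("role", "user"));

            // Read the clock once so that IssuedUtc + tokenExpiration equals ExpiresUtc exactly.
            DateTime now = DateTime.UtcNow;
            var props = new AuthenticationProperties()
            {
                IssuedUtc = now,
                ExpiresUtc = now.Add(tokenExpiration),
            };

            var ticket = new AuthenticationTicket(identity, props);
            var accessToken = Startup.OAuthBearerOptions.AccessTokenFormat.Protect(ticket);

            // expires_in is emitted as a string (existing wire contract); invariant culture keeps
            // the formatting stable should the lifetime ever stop being a whole number of seconds.
            JObject tokenResponse = new JObject(
                new JProperty("access_token", accessToken),
                new JProperty("expires_in", tokenExpiration.TotalSeconds.ToString(System.Globalization.CultureInfo.InvariantCulture)));

            return Ok(tokenResponse);
        }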
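        /// <summary>
        /// OAuth resource-owner-password grant. Checks the supplied user name and password
        /// through <c>AuthRepository.Login</c>, rejects disabled accounts and accounts that
        /// must change their password, then validates the grant with a
        /// <see cref="ClaimsIdentity"/> carrying the user's id claims and the fixed role "user".
        /// Every failure path rejects the grant via <c>context.SetError</c> and returns.
        /// </summary>
        /// <param name="context">OWIN grant context supplying user name, password and the provider options.</param>
        public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
        {
            // Wildcard CORS on the token endpoint lets any browser origin call it.
            // NOTE(review): if browser clients are known, restrict this to their origins.
            context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });
            using (AuthRepository _repo = new AuthRepository())
            {
                // The password is URL-decoded before the check, so clients are expected to send
                // it encoded (a literal '+' sent raw would be turned into a space here).
                IdentityUser user = await _repo.Login(context.UserName, HttpContext.Current.Server.UrlDecode(context.Password));

                if (user == null)
                {
                    context.SetError("IncorrectLogin");
                    return;
                }
                if (accountBll.IsAccountDisabled(user.Id))
                {
                    context.SetError("AccountDisabled", user.UserName);
                    return;
                }
                if (accountBll.IsNeedToChangePassword(user.Id))
                {
                    context.SetError("ChangePassword", user.UserName);
                    return;
                }
            }

            Module.Framework.DTO.UserInfoDTO dtoUserInfo = null;
            try
            {
                dtoUserInfo = bll.GetUserInfo(context.UserName);
            }
            catch (Exception ex)
            {
                // The innermost exception message is returned to the client as the error
                // description. NOTE(review): that can expose internal detail; a generic
                // description plus server-side logging would be the safer shape.
                context.SetError("Error", Library.Helper.GetInnerException(ex).Message);
                return;
            }
            if (dtoUserInfo == null)
            {
                // Previously dereferenced unconditionally, which surfaced as a
                // NullReferenceException from the OWIN pipeline instead of an OAuth error.
                context.SetError("Error", "User information not found.");
                return;
            }

            var identity = new ClaimsIdentity(context.Options.AuthenticationType);

            identity.AddClaim(new Claim("sub", context.UserName));
            identity.AddClaim(new Claim("subid", dtoUserInfo.UserID.ToString()));
            identity.AddClaim(new Claim("branchid", dtoUserInfo.UserBranchID.ToString()));
            identity.AddClaim(new Claim("companyid", dtoUserInfo.UserCompanyID.ToString()));
            identity.AddClaim(new Claim("factoryid", dtoUserInfo.UserFactoryID.ToString()));
            // Nullable client id: empty string when absent.
            identity.AddClaim(new Claim("clientid", dtoUserInfo.UserCientID.HasValue ? dtoUserInfo.UserCientID.ToString() : string.Empty));
            identity.AddClaim(new Claim("role", "user"));
            context.Validated(identity);
        }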