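/// <summary>
/// Looks up the user behind <paramref name="identifier"/> and, when one exists, issues a
/// one-day bearer token carrying the same claim set as the password grant.
/// </summary>
/// <param name="identifier">Opaque identifier resolved through <c>AuthRepository.FinByIdentifier</c>.</param>
/// <returns>
/// 200 with <c>{ access_token, expires_in }</c> when the identifier resolves to a user;
/// 200 with an empty body when it does not (existing contract, kept for callers).
/// </returns>
public IHttpActionResult AutoLogin(string identifier)
{
    // NOTE(review): this action mints a bearer token from an identifier alone. No credential is
    // verified here, and the IsAccountDisabled / IsNeedToChangePassword checks that the password
    // grant applies are not applied on this path. Confirm how callers reach this endpoint and
    // whether those checks belong here too.
    var tokenExpiration = TimeSpan.FromDays(1);

    IdentityUser user = null;
    using (AuthRepository repo = new AuthRepository())
    {
        user = repo.FinByIdentifier(identifier);
    }

    if (user == null)
    {
        // Unknown identifier: answered with 200 and no body, as before.
        return Ok();
    }

    Module.Framework.DTO.UserInfoDTO dtoUserInfo = bll.GetUserInfo(user.UserName);

    var identity = new ClaimsIdentity(OAuthDefaults.AuthenticationType);
    identity.AddClaim(new Claim("sub", user.UserName));
    identity.AddClaim(new Claim("subid", dtoUserInfo.UserID.ToString()));
    identity.AddClaim(new Claim("branchid", dtoUserInfo.UserBranchID.ToString()));
    identity.AddClaim(new Claim("companyid", dtoUserInfo.UserCompanyID.ToString()));
    identity.AddClaim(new Claim("factoryid", dtoUserInfo.UserFactoryID.ToString()));
    // The password grant also issues "clientid"; emitting it here keeps the claim set identical
    // regardless of which login path produced the token.
    identity.AddClaim(new Claim("clientid", dtoUserInfo.UserCientID.HasValue ? dtoUserInfo.UserCientID.ToString() : string.Empty));
    identity.AddClaim(new Claim("role", "user"));

    // Read the clock once so IssuedUtc and ExpiresUtc are exactly tokenExpiration apart.
    var issuedAt = DateTime.UtcNow;
    var props = new AuthenticationProperties()
    {
        IssuedUtc = issuedAt,
        ExpiresUtc = issuedAt.Add(tokenExpiration),
    };
    var ticket = new AuthenticationTicket(identity, props);
    var accessToken = Startup.OAuthBearerOptions.AccessTokenFormat.Protect(ticket);

    // expires_in is machine-read by clients; format it culture-independently.
    JObject tokenResponse = new JObject(
        new JProperty("access_token", accessToken),
        new JProperty("expires_in", tokenExpiration.TotalSeconds.ToString(System.Globalization.CultureInfo.InvariantCulture))
    );
    return Ok(tokenResponse);
}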
/// <summary>
/// Resource-owner password grant: authenticates the supplied user name / password through
/// <c>AuthRepository.Login</c>, rejects disabled or must-change-password accounts, then
/// validates a <see cref="ClaimsIdentity"/> built from the user's profile.
/// </summary>
/// <param name="context">OWIN grant context carrying the submitted credentials and receiving the outcome.</param>
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
    // NOTE(review): a wildcard Access-Control-Allow-Origin is set on the token endpoint response;
    // confirm that every origin is meant to be able to call this grant from a browser.
    context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });

    using (var repository = new AuthRepository())
    {
        // The password is URL-decoded before being checked, so it is presumably submitted encoded.
        var account = await repository.Login(context.UserName, HttpContext.Current.Server.UrlDecode(context.Password));

        if (account == null)
        {
            context.SetError("IncorrectLogin");
            return;
        }

        if (accountBll.IsAccountDisabled(account.Id))
        {
            context.SetError("AccountDisabled", account.UserName);
            return;
        }

        if (accountBll.IsNeedToChangePassword(account.Id))
        {
            context.SetError("ChangePassword", account.UserName);
            return;
        }
    }

    Module.Framework.DTO.UserInfoDTO profile;
    try
    {
        profile = bll.GetUserInfo(context.UserName);
    }
    catch (Exception ex)
    {
        // NOTE(review): the innermost exception message is handed back to the client as the error
        // description; consider whether that level of detail should leave the server.
        context.SetError("Error", Library.Helper.GetInnerException(ex).Message);
        return;
    }

    // Claim set shared with the AutoLogin path; "sub" carries the name as submitted, not the stored one.
    var claims = new[]
    {
        new Claim("sub", context.UserName),
        new Claim("subid", profile.UserID.ToString()),
        new Claim("branchid", profile.UserBranchID.ToString()),
        new Claim("companyid", profile.UserCompanyID.ToString()),
        new Claim("factoryid", profile.UserFactoryID.ToString()),
        new Claim("clientid", profile.UserCientID.HasValue ? profile.UserCientID.ToString() : string.Empty),
        new Claim("role", "user"),
    };

    var identity = new ClaimsIdentity(context.Options.AuthenticationType);
    identity.AddClaims(claims);
    context.Validated(identity);
}