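/// <summary>
        /// Validates a resource-owner password grant: looks the user up by login name,
        /// checks the submitted password and, on success, sets a
        /// <see cref="GrantValidationResult"/> carrying the user's id and claims.
        /// Every failure path sets an <c>InvalidGrant</c> result with the same description.
        /// </summary>
        /// <param name="context">Carries the submitted user name and password and receives the result.</param>
        public async Task ValidateAsync(ResourceOwnerPasswordValidationContext context)
        {
            // One description for every failure. Distinct "user does not exist" and
            // "incorrect password" responses would let a caller enumerate valid login names.
            const string failureDescription = "Invalid username or password";

            try
            {
                // Reject blank credentials before querying the store; otherwise an account
                // whose stored Password is null or empty would match a blank submission.
                if (string.IsNullOrEmpty(context.UserName) || string.IsNullOrEmpty(context.Password))
                {
                    context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, failureDescription);
                    return;
                }

                // Look the user up by login name (the original author notes this is an email address).
                ApplicationUser user = await _uof.Query<ApplicationUser>().FirstOrDefaultAsync(o => o.LoginName == context.UserName);

                // NOTE(review): this is a direct string comparison against the stored value. It is
                // only correct if Password holds the same representation as the submitted value.
                // Stored passwords should be salted, slow hashes (e.g. PBKDF2) verified through the
                // hasher with a constant-time comparison; no hasher is visible from this method, so
                // the comparison is left as written and flagged here rather than replaced.
                if (user != null && user.Password == context.Password)
                {
                    context.Result = new GrantValidationResult(
                        subject: user.Id.ToString(),
                        authenticationMethod: "custom",
                        claims: ProfileService.GetUserClaims(user)
                        );
                    return;
                }

                // Unknown user and wrong password are reported identically.
                // NOTE(review): the two cases may still differ in response time; confirm whether that matters here.
                context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, failureDescription);
            }
            catch (Exception)
            {
                // Fail closed: any error during lookup or claim building denies the grant.
                // TODO(review): log the exception server-side; it is currently discarded, which
                // hides store outages and makes failed-login investigation harder.
                context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, failureDescription);
            }
        }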
Example #2
        /// <summary>
        /// Signs <paramref name="user"/> in on <c>Context</c>, using the user's id as the
        /// subject, the login name as the display name and the claims produced by
        /// <c>ProfileService.GetUserClaims</c>.
        /// </summary>
        /// <param name="user">The user to sign in. It is dereferenced without a null check.</param>
        /// <param name="properties">Authentication properties; a new empty instance is used when null.</param>
        /// <param name="authenticationMethod">When not null, added as a <see cref="ClaimTypes.AuthenticationMethod"/> claim.</param>
        public async Task SignInAsync(ApplicationUser user, AuthenticationProperties properties = null, string authenticationMethod = null)
        {
            // Start from the claims the profile service derives for this user.
            List<Claim> principalClaims = new List<Claim>(ProfileService.GetUserClaims(user));

            // Record how the user authenticated, if the caller supplied it.
            if (authenticationMethod != null)
            {
                Claim methodClaim = new Claim(ClaimTypes.AuthenticationMethod, authenticationMethod);
                principalClaims.Add(methodClaim);
            }

            var subjectId = user.Id.ToString();
            var displayName = user.LoginName;
            AuthenticationProperties signInProperties = properties ?? new AuthenticationProperties();
            Claim[] additionalClaims = principalClaims.ToArray();

            // No authentication scheme is passed explicitly; the original left an
            // IdentityConstants.ApplicationScheme argument commented out at this call.
            await Context.SignInAsync(subjectId, displayName, signInProperties, additionalClaims);
        }