public async Task ValidateAsync(ResourceOwnerPasswordValidationContext context)
{
var membership = await Task.Run(() => _contextService.GetContext <Membership>(context.UserName).Result);
context.Result = membership.Password == _cryptographicService.ComputeHash(context.Password) ? new GrantValidationResult(context.UserName, "password")
: new GrantValidationResult(TokenRequestErrors.InvalidGrant, "Invalid credentials.");
}
public bool Login(string username, string password)
{
var conn = GetConnection();
try
{
conn.Open();
var cmd = conn.CreateCommand();
cmd.CommandText = GetUserQuery;
cmd.Parameters.Add(new SqlParameter("@EmailAddress", username));
using (var reader = cmd.ExecuteReader())
{
if (!reader.HasRows)
{
return(false);
}
reader.Read();
var hash = reader.GetString(0);
var salt = reader.GetString(1);
return(hash == _cryptographicService.ComputeHash(password, salt));
}
}
catch (SqlException)
{
throw;
}
finally
{
conn.Close();
}
}
public Task Handle(RegisterUserCommand message)
{
var membership = new Membership(new List <UserClaim>())
{
ContextId = message.MembershipId,
Email = message.EmailId,
AccessFailCount = 0,
ConfirmationToken = message.ConfirmationToken,
IsEmailConfirmed = false,
IsLocked = true,
PasswordSalt = Guid.NewGuid().ToString(),
MemberSinceDate = message.RequestedOn
};
membership.Password = _cryptographicService.ComputeHash(string.Concat(message.Password, membership.PasswordSalt));
var user = new User
{
Id = message.Id,
Username = message.Username
};
membership.Claims.Add(new UserClaim(JwtClaimTypes.Email, message.EmailId));
membership.Claims.Add(new UserClaim(JwtClaimTypes.GivenName, message.Firstname));
membership.Claims.Add(new UserClaim(JwtClaimTypes.FamilyName, message.Lastname));
membership.Claims.Add(new UserClaim(JwtClaimTypes.Subject, message.Id));
user.Contexts = new List <Context>
{
new Context
{
Id = membership.ContextId,
Content = JsonConvert.SerializeObject(membership),
Claims = membership.Claims,
Type = membership.GetType().FullName
}
};
_documentStore.Store(user);
return(Task.CompletedTask);
}
public async Task <IActionResult> Login(LoginInputViewModel viewModel)
{
if (!ModelState.IsValid)
{
return(View(new LoginViewModel(viewModel)));
}
Membership membership = null;
try
{
membership = (_queryService.ExecuteQuery <GetMembershipByUsername, Membership>(new GetMembershipByUsername {
Username = viewModel.Username
}).Result);
}
catch (MemberNotFoundException)
{
//Let this exception pass.
}
catch (Exception)
{
//Need a way to redirect here.
}
var password = _cryptographicService.ComputeHash(string.Concat(viewModel.Password, membership?.PasswordSalt));
if (membership == null || password == null || membership?.Password != password || !membership.IsEmailConfirmed || membership.IsLocked)
{
ModelState.AddModelError("InvalidPassword", "Invalid Username/Password combination OR you are yet to confirm your email OR account is locked.");
await _commandService.ExecuteCommand(new FailedSignInAttemptCommand { Username = viewModel.Username });
return(View(new LoginViewModel(viewModel)));
}
AuthenticationProperties props = null;
if (viewModel.RememberMe)
{
props = new AuthenticationProperties
{
IsPersistent = true,
ExpiresUtc = DateTimeOffset.UtcNow.AddMonths(1)
};
}
;
var result = await _commandService.ExecuteCommand(new SuccessfulSignInCommand { Username = viewModel.Username });
await HttpContext.SignInAsync(membership.GetClaim(JwtClaimTypes.Subject), viewModel.Username, props);
return(Redirect(_interactionService.IsValidReturnUrl(viewModel.ReturnUrl) ? viewModel.ReturnUrl : "~/"));
}
private bool ValidatePassword(UserAccount userAccount, string password)
{
var hash = _cryptographicService.ComputeHash(password, userAccount.PasswordSalt);
return(hash == userAccount.PasswordHash);
}