public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context) { try { var scop = context.Scope[0].Split(','); string ip = HttpContext.Current.Request.UserHostAddress; bool isLogOffUser = bool.Parse(scop[0]); string token = scop[1]; var allowedOrigin = context.OwinContext.Get <string>("as:clientAllowedOrigin"); if (allowedOrigin == null) { allowedOrigin = "*"; } context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { allowedOrigin }); IUserService userService = StructureMap.ObjectFactory.GetInstance <IUserService>(); User user = userService.GetUsers(x => x.Email == context.UserName).FirstOrDefault(); if (user == null) { CommonUtility.LoginFailedLog(_userLoginService, ip, context.ClientId); context.SetError("invalid_grant", "Invalid username and password."); return; } if (!user.IsActive) { CommonUtility.LoginFailedLog(_userLoginService, ip, context.ClientId, user.Id); context.SetError("invalid_grant", "Invalid username and password."); return; } if (user.IsLocked) { CommonUtility.LoginFailedLog(_userLoginService, ip, context.ClientId, user.Id); context.SetError("invalid_grant", "Your account is locked. Please contact system administrator."); return; } if (user.IsSuspended) { CommonUtility.LoginFailedLog(_userLoginService, ip, context.ClientId, user.Id); context.SetError("invalid_grant", "Your account is suspended. Please contact system administrator."); return; } if (user.RoleId != 1) { var company = _companyService.GetCompanyById(user.CompanyId); if (!company.IsActive) { CommonUtility.LoginFailedLog(_userLoginService, ip, context.ClientId, user.Id); context.SetError("invalid_grant", "Invalid username and password."); return; } } bool isValid = false; if (scop[2].ToUpper() == "ADMINLOGIN") { isValid = user.Password == context.Password ? true : false; } else { isValid = PasswordHasher.ComparePassword(context.Password, PasswordHasher.CreateByteArray(user.Password), SHA256Managed.Create()); } if (!isValid) { user.InvalidPasswordAttempt = user.InvalidPasswordAttempt + 1; StructureMap.ObjectFactory.GetInstance <IUserService>().UpdateUser(user); CommonUtility.LoginFailedLog(_userLoginService, ip, context.ClientId, user.Id); context.SetError("invalid_grant", "Invalid username and password."); return; } var role = _roleService.GetRoleById(user.RoleId ?? 0); var identity = new ClaimsIdentity(context.Options.AuthenticationType); identity.AddClaim(new Claim("sub", context.UserName)); identity.AddClaim(new Claim("UserId", user.Id.ToString())); identity.AddClaim(new Claim("IPAddress", ip)); identity.AddClaim(new Claim("FirstName", user.FirstName)); identity.AddClaim(new Claim("LastName", user.LastName)); identity.AddClaim(new Claim("UserType", role.UserType.ToString())); identity.AddClaim(new Claim("RoleId", user.RoleId.ToString())); identity.AddClaim(new Claim("ClientId", user.CompanyId.ToString())); identity.AddClaim(new Claim("LabId", user.LabId.ToString())); var props = new AuthenticationProperties(new Dictionary <string, string> { { "as:client_id", (context.ClientId == null) ? string.Empty : context.ClientId }, { "userName", context.UserName }, { "UserId", user.Id.ToString() }, { "IPAddress", ip } , { "FirstName", user.FirstName } , { "LastName", user.LastName } , { "UserType", role.UserType.ToString() } , { "RoleId", user.RoleId.ToString() }, { "CompanyId", user.CompanyId.ToString() } , { "LabId", user.LabId.ToString() } }); var ticket = new AuthenticationTicket(identity, props); context.Validated(ticket); } catch (Exception ex) { context.SetError("invalid_grant", ex.ToString()); } }