Exemple #1
        /// <summary>
        ///     Determines whether a given set of resource owner credentials is valid based on the authorization server's user
        ///     database
        ///     and if so records an authorization entry such that subsequent calls to <see cref="IsAuthorizationValid" /> would
        ///     return <c>true</c>.
        /// </summary>
        /// <param name="userName">Username on the account.</param>
        /// <param name="password">The user's password.</param>
        /// <param name="accessRequest">
        ///     The access request the credentials came with.
        ///     This may be useful if the authorization server wishes to apply some policy based on the client that is making the
        ///     request.
        /// </param>
        /// <returns>A value that describes the result of the authorization check.</returns>
        /// <exception cref="NotSupportedException">
        ///     May be thrown if the authorization server does not support the resource owner password credential grant type.
        /// </exception>
        public AutomatedUserAuthorizationCheckResponse CheckAuthorizeResourceOwnerCredentialGrant(string userName,
                                                                                                  string password, IAccessTokenRequest accessRequest)
        {
            // Reject missing arguments before touching the client or user stores.
            Guard.NotNullOrEmpty(() => userName, userName);
            Guard.NotNullOrEmpty(() => password, password);
            Guard.NotNull(() => accessRequest, accessRequest);

            // The user record is only looked up when the requesting client is known.
            IUserAuthInfo account = null;
            if (IsClientExist(accessRequest.ClientIdentifier))
            {
                account = UserAccountStore.GetUserAuthInfo(userName);
            }

            // Checks run in a fixed order and stop at the first failure:
            // known user -> acceptable scope -> correct password.
            // NOTE(review): VerifyPassword only runs once client, user and scope have all passed,
            // so a rejection may take a different amount of time depending on its cause - confirm
            // whether that difference matters for this deployment (account enumeration).
            bool isApproved = account != null
                              && IsValidScope(accessRequest)
                              && account.VerifyPassword(password);

            // TODO: audit the outcome. Nothing is recorded today for either result. When this is
            // implemented, cover every rejection cause (unknown client, unknown user, invalid scope,
            // wrong password), not only the wrong-password case, and never write the password itself
            // to the audit trail.
            // NOTE(review): no throttling or lockout is visible in this method; presumably it is
            // enforced elsewhere - confirm.

            // Every rejection produces the same response shape (not approved, no user name), so the
            // response fields alone do not tell the caller which check failed.
            string authorizedUser = isApproved ? userName : null;
            return new AutomatedUserAuthorizationCheckResponse(accessRequest, isApproved, authorizedUser);
        }
Exemple #2
 /// <summary>
 ///     Fetches the authentication record for <paramref name="username" /> from <c>UserAccountStore</c>.
 /// </summary>
 /// <param name="username">
 ///     Account name to look up. It is passed to the store as-is; this wrapper performs no validation.
 /// </param>
 /// <returns>
 ///     Whatever the store returns. Presumably <c>null</c> when no such account exists - confirm against
 ///     the store implementation and null-check the result before using it.
 /// </returns>
 private IUserAuthInfo GetUserAuthInfo(string username)
 {
     IUserAuthInfo authInfo = UserAccountStore.GetUserAuthInfo(username);
     return authInfo;
 }