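/// <summary>
/// Signs a user in with an external OAuth identity. The auth token is validated with the
/// named provider, the user is looked up by (provider, provider user id), then by e-mail
/// for accounts that predate the OAuth mapping, and is created when neither lookup hits.
/// </summary>
/// <param name="model">Provider name and the auth token obtained from that provider.</param>
/// <returns>
/// 400 with the model-state errors when the request is invalid, 401 when the provider
/// cannot resolve a user from the token, otherwise 200 with the mapped user.
/// </returns>
public HttpResponseMessage OAuth(ServiceModel.OAuthSignInModel model)
{
    if (!ModelState.IsValid)
    {
        return Request.CreateResponse(HttpStatusCode.BadRequest, ModelState.ToJson());
    }

    // Validate the token with the provider; the provider, not the client, tells us who this is.
    var provider = AuthFactory.GetProvider(model.Provider, model.AuthToken);
    var userInfo = provider.GetUser();

    string userId = userInfo.UserId;
    if (string.IsNullOrWhiteSpace(userId))
    {
        // The format string has a {0} placeholder; without an argument string.Format throws
        // FormatException instead of producing the 401. The provider name is the intended value.
        ModelState.AddModelError("", string.Format("{0} could not locate a user using the provided auth token.", model.Provider));
        return Request.CreateResponse(HttpStatusCode.Unauthorized, ModelState.ToJson());
    }

    // Primary lookup: the identity the provider vouched for.
    // static string.Equals is null-safe, unlike instance Equals, so a row with a missing
    // provider/id no longer throws mid-query.
    var user = context.GetAll<DomainModel.User>()
        .FirstOrDefault(u => string.Equals(u.OAuthProvider, model.Provider, StringComparison.OrdinalIgnoreCase)
                          && string.Equals(u.OAuthUserId, userId, StringComparison.OrdinalIgnoreCase));

    if (user == null)
    {
        // Fallback: match an existing account by e-mail (mostly to clean up v1 accounts that
        // have no OAuth mapping). This trusts the address the provider returned, so it is only
        // sound if that provider guarantees the address is verified — NOTE(review): confirm per
        // provider; an unverified address would let an unrelated identity sign in to that account.
        if (!string.IsNullOrWhiteSpace(userInfo.Email))
        {
            user = context.GetAll<DomainModel.User>()
                .FirstOrDefault(u => string.Equals(u.EmailAddress, userInfo.Email, StringComparison.OrdinalIgnoreCase));
        }

        // NOTE(review): an account found by e-mail is not given the (provider, userId) mapping
        // here, so it takes the e-mail fallback on every sign-in — confirm that is intended.

        // Neither lookup hit: this really is a new user.
        if (user == null)
        {
            user = new DomainModel.User(model.Provider, userId);
            context.Add(user);
        }

        // Profile fields are refreshed only on first sight of the identity (this branch).
        user.EmailAddress = userInfo.Email;
        user.ImagePath = userInfo.PictureUrl;
        user.FirstName = userInfo.FirstName;
        user.LastName = userInfo.LastName;

        if (string.IsNullOrWhiteSpace(user.ImagePath))
        {
            // Resolve the placeholder image against the host this request came in on.
            var defaultImage = new Uri(Request.RequestUri, "/images/GenericUserImage.gif");
            user.ImagePath = defaultImage.ToString();
        }

        context.SaveChanges();
    }

    //FormsAuthentication.SetAuthCookie(user.EmailAddress, true);

    return Request.CreateResponse(HttpStatusCode.OK, user.MapToServiceModel());
}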