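/// <summary>
/// Handles the OAuth2 resource-owner password grant: looks the user up by the
/// submitted user name and password, and on success issues a bearer ticket and
/// signs in a second identity through the OWIN authentication manager.
/// </summary>
/// <param name="context">
/// Grant context carrying the submitted <c>UserName</c> / <c>Password</c>; it is
/// marked validated with the ticket on success, or given an
/// <c>invalid_grant</c> error on failure.
/// </param>
/// <returns>A task that completes once the context has been validated or rejected.</returns>
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
    string userName = context.UserName;
    string password = context.Password;

    // Fail closed on missing credentials before touching the database. A null
    // value compared in the query below could otherwise match a row whose
    // column is NULL, depending on how the EF context handles null comparison.
    if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password))
    {
        context.SetError("invalid_grant", "The user name or password is incorrect.");
        return;
    }

    using (var db = new MyDemoAppDBEntities())
    {
        // SECURITY NOTE(review): the submitted password is compared directly with
        // the stored column, which implies passwords are kept unhashed. They
        // should be stored as a salted, slow hash (e.g. PBKDF2) and verified in
        // code after loading the user by name. Not changed here because it needs
        // a schema and data migration. The comparison also runs under the
        // database collation, which may be case-insensitive (confirm).
        User entry = db.User.FirstOrDefault(
            record => record.username == userName && record.password == password);

        if (entry == null)
        {
            // Same message for "unknown user" and "wrong password" so the
            // response does not reveal which user names exist.
            context.SetError("invalid_grant", "The user name or password is incorrect.");
            return;
        }

        // Read the role inside the using block: it may be lazily loaded through
        // the context. A user without a role gets no role claim instead of
        // crashing the token endpoint with a null reference.
        string roleName = entry.Role != null ? entry.Role.name : null;
        bool hasRole = !string.IsNullOrEmpty(roleName);

        ClaimsIdentity oAuthIdentity = new ClaimsIdentity(context.Options.AuthenticationType);
        oAuthIdentity.AddClaim(new Claim(ClaimTypes.Name, userName));
        if (hasRole)
        {
            oAuthIdentity.AddClaim(new Claim(ClaimTypes.Role, roleName));
        }

        // NOTE(review): this identity is built with the OAuth options'
        // authentication type. If a cookie middleware is expected to pick up the
        // SignIn below, it normally needs that middleware's authentication type
        // (confirm against the startup configuration).
        ClaimsIdentity cookiesIdentity = new ClaimsIdentity(context.Options.AuthenticationType);
        cookiesIdentity.AddClaim(new Claim(ClaimTypes.Name, userName));
        if (hasRole)
        {
            // The role claim previously went to oAuthIdentity a second time, which
            // left this identity without a role and duplicated it on the token.
            cookiesIdentity.AddClaim(new Claim(ClaimTypes.Role, roleName));
        }

        // Validate once, with the final ticket. The earlier per-identity
        // Validated(...) calls were each overwritten by this one.
        AuthenticationProperties properties = CreateProperties(userName);
        AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, properties);
        context.Validated(ticket);
        context.Request.Context.Authentication.SignIn(cookiesIdentity);
    }
}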