public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context) {
var allowedOrigin = context.OwinContext.Get<string>("as:clientAllowedOrigin");
if (string.IsNullOrWhiteSpace(allowedOrigin)) {
allowedOrigin = "*";
}
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { allowedOrigin });
var authenticationClient = new AuthenticationClient();
var response = await authenticationClient.Authenticate(new AuthenticateRequest { Username = context.UserName });
var authenticated = response.IsSuccess && response.AuthenticatedUser != null && PasswordHelper.VerifyPassword(context.Password, response.AuthenticatedUser.HashedPassword);
if (!authenticated) {
context.SetError("invalid_grant", "The email or password is incorrect");
return;
}
var claims = new[] {
new Claim("sub", context.UserName),
new Claim("role", response.AuthenticatedUser.RoleName),
new Claim("user_id", response.AuthenticatedUser.Id.ToString())
};
var identity = new ClaimsIdentity(claims, context.Options.AuthenticationType);
if (response.AuthenticatedUser.RoleName == "user") {
context.SetError("invalid_grant", "The user does not have permissions for this service");
return;
}
var props = new AuthenticationProperties(new Dictionary<string, string> {
{ "as:client_id", context.ClientId == null ? string.Empty : context.ClientId },
{ "userName", context.UserName },
{ "role", response.AuthenticatedUser.RoleName },
{ "photo", response.AuthenticatedUser.Photo }
});
var ticket = new AuthenticationTicket(identity, props);
context.Validated(ticket);
}
