public async Task <IHttpActionResult> GetExternalLogin(string provider, string error = null) { if (error != null) { return(Redirect(Url.Content("~/") + "#error=" + Uri.EscapeDataString(error))); } if (!User.Identity.IsAuthenticated) { return(new ChallengeResult(provider, this)); } ExternalLoginData externalLogin = ExternalLoginData.FromIdentity(User.Identity as ClaimsIdentity); if (externalLogin == null) { return(InternalServerError()); } if (externalLogin.LoginProvider != provider) { Authentication.SignOut(DefaultAuthenticationTypes.ExternalCookie); return(new ChallengeResult(provider, this)); } //ApplicationUser user = await UserManager.FindAsync(new UserLoginInfo(externalLogin.LoginProvider, // externalLogin.ProviderKey)); AspNetUser user = await UserManager.FindAsync(new UserLoginInfo(externalLogin.LoginProvider, externalLogin.ProviderKey)); bool hasRegistered = user != null; if (hasRegistered) { Authentication.SignOut(DefaultAuthenticationTypes.ExternalCookie); ClaimsIdentity oAuthIdentity = await user.GenerateUserIdentityAsync(UserManager, OAuthDefaults.AuthenticationType); ClaimsIdentity cookieIdentity = await user.GenerateUserIdentityAsync(UserManager, CookieAuthenticationDefaults.AuthenticationType); AuthenticationProperties properties = ApplicationOAuthProvider.CreateProperties(user.UserName); Authentication.SignIn(properties, oAuthIdentity, cookieIdentity); } else { IEnumerable <Claim> claims = externalLogin.GetClaims(); ClaimsIdentity identity = new ClaimsIdentity(claims, OAuthDefaults.AuthenticationType); Authentication.SignIn(identity); } return(Ok()); }
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context) { try { var userManager = context.OwinContext.GetUserManager <Implementation.Identity.ApplicationUserManager>(); var userName = context.UserName; if (context.UserName.Contains("@")) { var aspNetUser = await userManager.FindByEmailAsync(context.UserName); if (aspNetUser == null) { context.SetError("invalid_grant", "The user name or password is incorrect."); return; } userName = aspNetUser.UserName; } AspNetUser user = await userManager.FindAsync(userName, context.Password); if (user == null) { context.SetError("invalid_grant", "The user name or password is incorrect."); return; } ClaimsIdentity oAuthIdentity = await user.GenerateUserIdentityAsync(userManager, OAuthDefaults.AuthenticationType); ClaimsIdentity cookiesIdentity = await user.GenerateUserIdentityAsync(userManager, CookieAuthenticationDefaults.AuthenticationType); var props = new AuthenticationProperties(new Dictionary <string, string> { { "as:client_id", context.ClientId ?? string.Empty }, { "userName", user.UserName }, { "UserRole", user.AspNetRoles.FirstOrDefault()?.Name } }); AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, props); context.Validated(ticket); context.Request.Context.Authentication.SignIn(cookiesIdentity); } catch (Exception ex) { context.SetError("invalid_grant", "Something went wrong while signing in. Contact Development Team"); } }
private async Task SignInAsync(AspNetUser user, bool isPersistent) { AuthenticationManager.SignOut(DefaultAuthenticationTypes.ExternalCookie, DefaultAuthenticationTypes.TwoFactorCookie); AuthenticationManager.SignIn(new AuthenticationProperties { IsPersistent = isPersistent }, await user.GenerateUserIdentityAsync(UserManager, DefaultAuthenticationTypes.ApplicationCookie)); }
public async Task <ActionResult> Login(LoginViewModel model, string returnUrl) { if (!ModelState.IsValid) { return(View(model)); } // This doen't count login failures towards lockout only two factor authentication // To enable password failures to trigger lockout, change to shouldLockout: true AspNetUser user = await UserManager.FindByNameAsync(model.Email); if (user == null) { ModelState.AddModelError("", "Error! Invalid email."); return(View(model)); } ClaimsIdentity identity = await user.GenerateUserIdentityAsync(UserManager, DefaultAuthenticationTypes.ApplicationCookie); AuthenticationManager.SignOut(DefaultAuthenticationTypes.ExternalCookie); if (user != null) { if (!await UserManager.IsEmailConfirmedAsync(user.Id)) { ModelState.AddModelError("", "Please confirm your email"); return(View()); } } // This doen't count login failures towards lockout only two factor authentication // To enable password failures to trigger lockout, change to shouldLockout: true var result = await SignInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, shouldLockout : false); switch (result) { case SignInStatus.Success: { // Parse TimeZoneOffset. var timeZoneCookie = Request.Cookies["_timeZoneOffset"]; var timeZoneOffSetValue = TimeSpan.FromMinutes(0); if (timeZoneCookie != null) { double offsetMinutes = 0; if (double.TryParse(timeZoneCookie.Value, out offsetMinutes)) { timeZoneOffSetValue = TimeSpan.FromMinutes(offsetMinutes); } } claimsSecurityService.AddClaimsToIdentity(user.UserDomainKey, user.AspNetRoles.FirstOrDefault().Name, user.UserName, timeZoneOffSetValue, identity); SetUserPermissions(user, identity); AuthenticationManager.SignIn(new AuthenticationProperties { IsPersistent = true }, identity); return(RedirectToLocal(returnUrl)); } case SignInStatus.LockedOut: { return(View("Lockout")); } case SignInStatus.RequiresVerification: { return(RedirectToAction("SendCode", new { ReturnUrl = returnUrl })); } case SignInStatus.Failure: default: { ModelState.AddModelError("", "Invalid login attempt."); } return(View(model)); } }