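/// <summary>
/// Handles the OAuth2 resource-owner password grant: validates the supplied
/// username/password against Active Directory, optionally checks that the user
/// is authorised for the SharePoint site URL passed as the first scope value,
/// and on success issues a <see cref="ClaimsIdentity"/> populated from the AD
/// user object.
/// </summary>
/// <param name="context">The OWIN password-grant context carrying the credentials and requested scope.</param>
/// <remarks>
/// Error codes and messages are deliberately kept identical to the previous
/// implementation so existing clients keep working:
///   "unauthorized_user" - credentials are valid but the user has no access to the requested site;
///   "inactive_user"     - credentials were missing or rejected, or the AD lookup found no user.
/// The method is declared <c>async</c> to match the base signature but performs no
/// awaited work; it completes synchronously.
/// </remarks>
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
    // NOTE(security): a wildcard CORS origin on the token endpoint lets any web
    // origin drive the password grant from a browser. Credentials are carried in
    // the POST body rather than cookies, so this is not by itself a CSRF hole,
    // but it should be an allow-list of known front-end origins rather than "*".
    // Left as-is here because existing browser clients may depend on it — TODO confirm.
    context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });

    // Reject empty credentials before touching the directory. Depending on the
    // directory's bind policy an empty password can be treated as an anonymous
    // (unauthenticated) bind and ValidateCredentials may then report success,
    // so never let missing credentials reach AD.
    if (string.IsNullOrEmpty(context.UserName) || string.IsNullOrEmpty(context.Password))
    {
        context.SetError("inactive_user", "User is not valid custom message");
        return;
    }

    using (PrincipalContext pc = new PrincipalContext(ContextType.Domain, ESPL.AUTHENTICATION.OWINTOKEN.Models.Constants.DomainName))
    {
        // Validate user credentials with AD.
        if (!pc.ValidateCredentials(context.UserName, context.Password))
        {
            // Same generic error for every failure mode so callers cannot
            // distinguish "unknown account" from "wrong password".
            context.SetError("inactive_user", "User is not valid custom message");
            return;
        }

        int authorizedUserID = 0;

        // Authorise against a site only when a site URL is supplied as the first
        // scope value. Check Count as well as null: an empty scope list would
        // otherwise throw on Scope[0] before the IsNullOrEmpty test ran.
        if (context.Scope != null && context.Scope.Count > 0 && !string.IsNullOrEmpty(context.Scope[0]))
        {
            // NOTE(security): Scope[0] is caller-controlled and is used as the
            // target site URL. GetUserIDFromSPSite should validate it against the
            // set of known site URLs before connecting — verify in that helper.
            authorizedUserID = AuthorizeUser.GetUserIDFromSPSite(
                context.UserName,
                ESPL.AUTHENTICATION.OWINTOKEN.Models.Constants.QualifiedDomainName,
                context.Scope[0]);

            // A user id of 0 means the user is not authorised to access the site.
            if (authorizedUserID == 0)
            {
                context.SetError("unauthorized_user", "User is not authorized to access site");
                return;
            }
        }

        // Pull profile attributes from AD. FindByIdentity returns null when no
        // matching principal is found, which can happen even after a successful
        // bind (e.g. identity-format mismatch); the previous code would have thrown
        // a NullReferenceException here, so fail the grant cleanly instead.
        // UserPrincipal is IDisposable and is released as soon as the claims are copied.
        using (UserPrincipal userInfoFromAD = UserPrincipal.FindByIdentity(pc, context.UserName))
        {
            if (userInfoFromAD == null)
            {
                context.SetError("inactive_user", "User is not valid custom message");
                return;
            }

            context.Validated(BuildIdentity(context, userInfoFromAD, authorizedUserID));
        }
    }
}

/// <summary>
/// Builds the token identity from the AD user object. Every profile attribute is
/// emitted as a claim even when absent (as an empty string) so the claim set has a
/// stable shape for consumers; a missing site authorisation yields an empty "UserID".
/// </summary>
/// <param name="context">The grant context (supplies the authentication type and login name).</param>
/// <param name="user">The AD principal the claims are copied from; must not be null.</param>
/// <param name="authorizedUserID">Site user id from the authorisation step, or 0 when no site was requested.</param>
/// <returns>A populated <see cref="ClaimsIdentity"/> ready to be passed to <c>context.Validated</c>.</returns>
private static ClaimsIdentity BuildIdentity(OAuthGrantResourceOwnerCredentialsContext context, UserPrincipal user, int authorizedUserID)
{
    var identity = new ClaimsIdentity(context.Options.AuthenticationType);

    identity.AddClaim(new Claim("LoginName", context.UserName));
    identity.AddClaim(new Claim("FirstName", user.GivenName ?? string.Empty));
    identity.AddClaim(new Claim("MiddleName", user.MiddleName ?? string.Empty));
    identity.AddClaim(new Claim("LastName", user.Surname ?? string.Empty));
    identity.AddClaim(new Claim("EmailAddress", user.EmailAddress ?? string.Empty));
    identity.AddClaim(new Claim("Telephone", user.VoiceTelephoneNumber ?? string.Empty));
    identity.AddClaim(new Claim("EmployeeID", user.EmployeeId ?? string.Empty));
    // Name was not null-guarded before; Claim rejects a null value, so default it like the others.
    identity.AddClaim(new Claim("UserName", user.Name ?? string.Empty));
    identity.AddClaim(new Claim("UserID", authorizedUserID == 0 ? string.Empty : Convert.ToString(authorizedUserID)));
    identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));

    return identity;
}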