コード例 #1
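        /// <summary>
        /// Handles the resource owner password credentials grant: looks the user up through
        /// ASP.NET Identity, verifies the submitted password and, on success, validates the
        /// notification with a principal describing that user.
        /// </summary>
        /// <param name="notification">Grant notification carrying the submitted user name and password.</param>
        /// <returns>A task that completes once the credentials have been processed.</returns>
        /// <remarks>
        /// When the credentials are missing, the user is unknown or the password is wrong, the
        /// method returns without calling <c>Validated</c>, so no principal is attached here.
        /// NOTE(review): no failed-attempt accounting or lockout check is performed in this
        /// method; confirm that throttling is applied elsewhere in the pipeline.
        /// </remarks>
        public async override Task GrantResourceOwnerCredentials(
            GrantResourceOwnerCredentialsNotification notification)
        {
            var username = notification.UserName;
            var password = notification.Password;

            // Fail closed on missing credentials instead of handing null to the user store.
            if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
            {
                return;
            }

            var userManager = notification
                              .HttpContext
                              .RequestServices
                              .GetRequiredService <UserManager <IdentityUser> >();

            var user = await userManager.FindByNameAsync(username);

            // Unknown account: same outcome as a wrong password, and the user object is
            // dereferenced below, so it must not be null past this point.
            if (user == null)
            {
                return;
            }

            var isValid = await userManager.CheckPasswordAsync(user, password);
            if (!isValid)
            {
                return;
            }

            var identity = new ClaimsIdentity(OpenIdConnectDefaults.AuthenticationScheme);

            // this automatically goes into the token and id_token
            // Use the store's stable user id as the subject so that every account gets a
            // distinct identifier instead of one shared placeholder string.
            identity.AddClaim(ClaimTypes.NameIdentifier, user.Id);

            // the other claims require explicit destinations
            identity.AddClaim(ClaimTypes.Name, username, "token id_token");

            // Placeholder surname kept from the sample; replace with real profile data.
            identity.AddClaim(ClaimTypes.Surname, "Doe", "token id_token");

            var principal = new ClaimsPrincipal(identity);
            notification.Validated(principal);
        }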
コード例 #2
        /// <summary>
        /// Handles the password grant by delegating the credential check to
        /// <c>UserAuthenticatedSimple</c> and, on success, validating the notification with a
        /// ticket that carries the user name, the role and refresh-token metadata.
        /// </summary>
        /// <param name="notification">Grant notification carrying user name, password and client id.</param>
        /// <returns>A task that completes once the grant has been processed.</returns>
        /// <remarks>
        /// The role claim is whatever <c>UserAuthenticatedSimple</c> returns through its out
        /// parameter; this method does not check it further.
        /// NOTE(review): the claims are added without an explicit destination; verify against
        /// the server version in use whether the role claim is serialized into the tokens.
        /// </remarks>
        public override async Task GrantResourceOwnerCredentials(GrantResourceOwnerCredentialsNotification notification)
        {
            string roleType;
            var authenticated = UserAuthenticatedSimple(notification, out roleType);

            // Stop without validating anything when the credential check fails.
            if (!authenticated)
            {
                return;
            }

            // Build the identity from the two claims this grant issues.
            var issuedClaims = new[]
            {
                new Claim(ClaimTypes.NameIdentifier, notification.UserName),
                new Claim(ClaimTypes.Role, roleType)
            };
            var identity = new ClaimsIdentity(issuedClaims, OpenIdConnectDefaults.AuthenticationScheme);

            // create metadata to pass on to refresh token provider
            var metadata = new Dictionary <string, string>();
            metadata.Add("as:client_id", notification.ClientId);
            metadata.Add("userName", notification.UserName);

            var ticket = new AuthenticationTicket(
                new ClaimsPrincipal(identity),
                new AuthenticationProperties(metadata),
                OpenIdConnectDefaults.AuthenticationScheme);

            notification.Validated(ticket);
        }
コード例 #3
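        /// <summary>
        /// Handles the resource owner password credentials grant: resolves the user through
        /// ASP.NET Identity, verifies the submitted password and, on success, validates the
        /// notification with a principal built from the stored user record.
        /// </summary>
        /// <param name="notification">Grant notification carrying the submitted user name and password.</param>
        /// <returns>A task that completes once the credentials have been processed.</returns>
        /// <remarks>
        /// When the credentials are missing, the user is unknown or the password is wrong, the
        /// method returns without calling <c>Validated</c>, so no principal is attached here.
        /// NOTE(review): no failed-attempt accounting or lockout check is performed in this
        /// method; confirm that throttling is applied elsewhere in the pipeline.
        /// </remarks>
        public async override Task GrantResourceOwnerCredentials(GrantResourceOwnerCredentialsNotification notification)
        {
            var username = notification.UserName;
            var password = notification.Password;

            // Fail closed on missing credentials instead of handing null to the user store.
            if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
            {
                return;
            }

            var userManager = notification
                .HttpContext
                .RequestServices
                .GetRequiredService<UserManager<ApplicationUser>>();

            var user = await userManager.FindByNameAsync(username);

            // FindByNameAsync yields null for an unknown name; the claims below dereference
            // the user, so stop here with the same outcome as a wrong password.
            if (user == null)
            {
                return;
            }

            var isValid = await userManager.CheckPasswordAsync(user, password);
            if (!isValid)
            {
                return;
            }

            var identity = new ClaimsIdentity(OpenIdConnectDefaults.AuthenticationScheme);

            // this automatically goes into the token and id_token
            // NOTE(review): the subject is the user name, which may be changeable; a stable
            // user id would be a safer subject - confirm what consumers of the token expect.
            identity.AddClaim(ClaimTypes.NameIdentifier, user.UserName);

            // the other claims require explicit destinations
            // A claim cannot carry a null value, so optional profile fields are only added
            // when they are actually set on the account.
            if (!string.IsNullOrEmpty(user.FirstName))
            {
                identity.AddClaim(ClaimTypes.Name, user.FirstName, "token id_token");
            }

            if (!string.IsNullOrEmpty(user.LastName))
            {
                identity.AddClaim(ClaimTypes.Surname, user.LastName, "token id_token");
            }

            var principal = new ClaimsPrincipal(identity);
            notification.Validated(principal);
        }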
コード例 #4
    /// <summary>
    /// Validates the password grant with a principal whose only claim is a fixed
    /// name identifier.
    /// </summary>
    /// <param name="notification">Grant notification to validate.</param>
    /// <returns>An already-completed task.</returns>
    /// <remarks>
    /// NOTE(review): notification.UserName and notification.Password are never read here,
    /// so every request that reaches this method is validated with the same "todo" subject.
    /// A real credential check has to run before <c>Validated</c> is called.
    /// </remarks>
    public override Task GrantResourceOwnerCredentials(
        GrantResourceOwnerCredentialsNotification notification)
    {
        var subject = new ClaimsIdentity(OpenIdConnectDefaults.AuthenticationScheme);

        // Placeholder subject value; identical for every caller.
        subject.AddClaim(ClaimTypes.NameIdentifier, "todo");

        notification.Validated(new ClaimsPrincipal(subject));

        // Nothing is awaited, so hand back a completed task.
        return Task.FromResult <object>(null);
    }
コード例 #5
    /// <summary>
    /// Validates the password grant with a principal that carries a fixed name identifier
    /// and one custom claim routed to the access and identity tokens.
    /// </summary>
    /// <param name="notification">Grant notification to validate.</param>
    /// <returns>An already-completed task.</returns>
    /// <remarks>
    /// NOTE(review): the submitted user name and password are never read in this method,
    /// so every request that reaches it is validated with the same "todo" subject.
    /// A real credential check has to run before <c>Validated</c> is called.
    /// </remarks>
    public override Task GrantResourceOwnerCredentials(
        GrantResourceOwnerCredentialsNotification notification)
    {
        var scheme = OpenIdConnectDefaults.AuthenticationScheme;
        var tokenIdentity = new ClaimsIdentity(scheme);

        // Placeholder subject value; identical for every caller.
        tokenIdentity.AddClaim(ClaimTypes.NameIdentifier, "todo");

        // Claims are not serialized into the access and identity tokens by default.
        // The overload with a "destination" argument names the tokens the claim
        // should be written to.
        tokenIdentity.AddClaim("urn:customclaim", "value", "token id_token");

        notification.Validated(new ClaimsPrincipal(tokenIdentity));

        // Nothing is awaited, so hand back a completed task.
        return Task.FromResult <object>(null);
    }
コード例 #6
 /// <summary>
 /// Checks the submitted user name and password against three accounts hard-coded in
 /// this method and reports the role of the matching account.
 /// </summary>
 /// <param name="notification">Grant notification carrying the submitted user name and password.</param>
 /// <param name="roleType">"admin" or "user" on success; null when no account matches.</param>
 /// <returns>true when the user name and password match one of the built-in accounts.</returns>
 /// <remarks>
 /// NOTE(review): the credentials live in source as plain text and two of the three
 /// accounts map to the "admin" role, including the one named "revoked". Suitable for a
 /// demo only; a real deployment needs a user store with hashed passwords.
 /// </remarks>
 private bool UserAuthenticatedSimple(GrantResourceOwnerCredentialsNotification notification, out string roleType)
 {
     roleType = null;

     string expectedPassword;
     string grantedRole;

     // Pick the built-in account by user name (ordinal, case-sensitive match).
     switch (notification.UserName)
     {
         case "sharpiro":
             expectedPassword = "password";
             grantedRole = "admin";
             break;
         case "revoked":
             expectedPassword = "revoked";
             grantedRole = "admin";
             break;
         case "guest":
             expectedPassword = "password";
             grantedRole = "user";
             break;
         default:
             return(false);
     }

     if (notification.Password != expectedPassword)
     {
         return(false);
     }

     // Only report a role once both user name and password have matched.
     roleType = grantedRole;
     return(true);
 }
コード例 #7
 /// <summary>
 /// Compares the submitted credentials with three accounts that are hard-coded in this
 /// method and returns the role assigned to the matching account.
 /// </summary>
 /// <param name="notification">Grant notification carrying the submitted user name and password.</param>
 /// <param name="roleType">"admin" or "user" on success; null when no account matches.</param>
 /// <returns>true when the user name and password match one of the built-in accounts.</returns>
 /// <remarks>
 /// NOTE(review): plain-text credentials in source, with the "revoked" account still
 /// mapped to "admin". Demo-only; replace with a user store that holds hashed passwords.
 /// </remarks>
 private bool UserAuthenticatedSimple(GrantResourceOwnerCredentialsNotification notification, out string roleType)
 {
     var name = notification.UserName;
     var secret = notification.Password;

     // Stays null unless one of the built-in accounts matches exactly.
     string matchedRole = null;

     if (name == "sharpiro" && secret == "password")
     {
         matchedRole = "admin";
     }
     else if (name == "revoked" && secret == "revoked")
     {
         matchedRole = "admin";
     }
     else if (name == "guest" && secret == "password")
     {
         matchedRole = "user";
     }

     roleType = matchedRole;
     return matchedRole != null;
 }
コード例 #8
        /// <summary>
        /// Processes the password grant: runs <c>UserAuthenticatedSimple</c> and, when it
        /// succeeds, validates the notification with a ticket holding the user name, the
        /// returned role and metadata for the refresh token provider.
        /// </summary>
        /// <param name="notification">Grant notification carrying user name, password and client id.</param>
        /// <returns>A task that completes once the grant has been processed.</returns>
        /// <remarks>
        /// The role claim is taken as-is from the out parameter of
        /// <c>UserAuthenticatedSimple</c>.
        /// NOTE(review): neither claim is given an explicit destination; verify against the
        /// server version in use whether the role claim ends up in the issued tokens.
        /// </remarks>
        public override async Task GrantResourceOwnerCredentials(GrantResourceOwnerCredentialsNotification notification)
        {
            string roleType;
            var credentialsAccepted = UserAuthenticatedSimple(notification, out roleType);
            if (credentialsAccepted)
            {
                var scheme = OpenIdConnectDefaults.AuthenticationScheme;

                //authenticate
                var identity = new ClaimsIdentity(scheme);
                var subjectClaim = new Claim(ClaimTypes.NameIdentifier, notification.UserName);
                var roleClaim = new Claim(ClaimTypes.Role, roleType);
                identity.AddClaim(subjectClaim);
                identity.AddClaim(roleClaim);

                // create metadata to pass on to refresh token provider
                var items = new Dictionary<string, string>();
                items.Add("as:client_id", notification.ClientId);
                items.Add("userName", notification.UserName);
                var props = new AuthenticationProperties(items);

                var ticket = new AuthenticationTicket(new ClaimsPrincipal(identity), props, scheme);
                notification.Validated(ticket);
            }
        }