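/// <summary>
/// Provisions a local account for a principal that authenticated against Novell eDirectory but has
/// no row in AspNetUsers yet: a database-level login, an <see cref="ApplicationUser"/> record, the
/// "Personnel" role, and the standard rights for that role.
/// </summary>
/// <param name="username">Directory login name (already trimmed by the caller).</param>
/// <param name="password">The password the user just authenticated with; reused for the database login and the identity record.</param>
/// <param name="novellUser">Directory entry; only its "mail" attribute is read here.</param>
/// <param name="userManager">Identity store used to create the user and assign the role.</param>
/// <returns>The newly created <see cref="ApplicationUser"/>.</returns>
/// <exception cref="FailedDatabaseConnectionException">
/// The database login, the role assignment, or the rights grant failed.
/// </exception>
private ApplicationUser CreateUser(string username, string password, NovellUser novellUser, ApplicationUserManager userManager)
{
    // Original comment: "replacing foreign keys from one table with another ... :)"
    //
    // NOTE(review): the eDirectory password is reused verbatim as the password of a database login,
    // so one credential now protects two systems. Confirm this is intended; the steps below are also
    // not transactional — a failure after step 1 leaves the database login behind.

    // 1. Database-level login.
    bool loginCreated;
    using (ApplicationDbContext db = new ApplicationDbContext())
    {
        loginCreated = db.CreateHoldingUser(username, password);
    }
    if (!loginCreated)
    {
        throw new FailedDatabaseConnectionException("Cannot create database login");
    }

    // 2. Identity record, seeded with the directory e-mail.
    //    NOTE(review): this indexer chain throws if the entry carries no "mail" attribute; the
    //    caller's generic catch turns that into an invalid_grant response. Confirm "mail" is mandatory.
    ApplicationUser user = CreateEmployeeApplicationUser(userManager, username, password, novellUser.Attributes["mail"][0]);

    // 3. Role. AddToRole reports failure through its IdentityResult rather than by throwing; the
    //    original discarded that result, so a failed assignment produced a user who could sign in
    //    without any role. Surface it through the same exception type the caller already handles.
    var roleResult = userManager.AddToRole(user.Id, "Personnel");
    if (roleResult == null || !roleResult.Succeeded)
    {
        throw new FailedDatabaseConnectionException("Cannot assign user role");
    }

    // 4. Standard rights for the role, granted directly in the database.
    bool rightsGranted;
    using (ApplicationDbContext db = new ApplicationDbContext())
    {
        rightsGranted = db.GrantStandardRightsToPersonnel(user.Id);
    }
    if (!rightsGranted)
    {
        throw new FailedDatabaseConnectionException("Cannot create user rights");
    }

    return user;
}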
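/// <summary>
/// Resource Owner Password Credentials grant. First - NovellProvider, then OAuth Provider:
/// Novell eDirectory is the source of truth for the credentials; the local identity store is
/// reconciled to it (password mirrored, missing account provisioned) only after the directory
/// accepted the login. Success issues an OAuth ticket and a cookie sign-in; any failure answers
/// <c>invalid_grant</c> with a 401 challenge flag.
/// </summary>
/// <param name="context">OWIN grant context carrying the submitted username and password.</param>
/// <returns>A task that completes once the grant has been validated or rejected.</returns>
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
    var userManager = context.OwinContext.GetUserManager<ApplicationUserManager>();

    // Reject missing/blank credentials at the boundary. Previously a null UserName or Password
    // reached Trim(), threw a NullReferenceException, and the generic catch echoed that message
    // to the client. NOTE(review): if novell.Connect is an LDAP bind, this also prevents an
    // empty-password (unauthenticated) bind from being mistaken for a successful login — confirm.
    if (string.IsNullOrWhiteSpace(context.UserName) || string.IsNullOrWhiteSpace(context.Password))
    {
        SetInvalidGrant(context, "Username or password is incorrect");
        return;
    }

    // Trimmed once and reused everywhere so every backend sees the same value. Trimming a password
    // does alter credentials with leading/trailing whitespace, but that was the existing contract.
    string username = context.UserName.Trim();
    string password = context.Password.Trim();

    try
    {
        // 1. eDirectory decides whether the credentials are valid at all; a bad login throws
        //    NovelleDirectoryException, so nothing below runs for an unauthenticated caller.
        NovellUser directoryUser = novell.Connect(username, password);

        // 2. Local identity store ("the peculiarities of how we deal with Novell, nothing to be done").
        //    A miss means either the password was changed in the directory (mirror it) or the
        //    account was never provisioned locally (create it).
        ApplicationUser applicationUser = userManager.Find(username, password);
        if (applicationUser == null)
        {
            applicationUser = await ChangePassword(username, password, userManager);
        }
        if (applicationUser == null)
        {
            applicationUser = CreateUser(username, password, directoryUser, userManager);
        }

        // 3. Non-alien accounts additionally get a GroupWise session attached.
        if (!directoryUser.IsAlien)
        {
            NovellGroupWisePostOfficeConnection postOffice = novellGroupWise.Connect(username, password);
            applicationUser.PostOfficeAddress = postOffice.PostOffice;
            applicationUser.GroupWiseSessionId = postOffice.SessionId;
        }

        // 4. Issue the bearer ticket and, in parallel, a cookie identity.
        ClaimsIdentity oAuthIdentity = await applicationUser.GenerateUserIdentityAsync(userManager, OAuthDefaults.AuthenticationType);
        ClaimsIdentity cookiesIdentity = await applicationUser.GenerateUserIdentityAsync(userManager, CookieAuthenticationDefaults.AuthenticationType);
        AuthenticationProperties properties = CreateProperties(applicationUser.UserName);
        context.Validated(new AuthenticationTicket(oAuthIdentity, properties));
        context.Request.Context.Authentication.SignIn(cookiesIdentity);
    }
    catch (NovellGroupWiseException)
    {
        SetInvalidGrant(context, "Username or password is incorrect");
    }
    catch (NovelleDirectoryException)
    {
        // Absence from Novell is the one and only signal that the caller must not be let in.
        SetInvalidGrant(context, "Username or password is incorrect");
    }
    catch (FailedDatabaseConnectionException fdce)
    {
        // Provisioning detail ("Cannot create database login", ...) stays in the server log; the
        // original returned fdce.Message to the client, describing internal account setup.
        System.Diagnostics.Trace.TraceError("Account provisioning failed for '{0}': {1}", username, fdce.Message);
        SetInvalidGrant(context, "Unable to complete sign-in");
    }
    catch (Exception e)
    {
        // Same rule for anything unexpected: never echo an internal exception message to the caller.
        System.Diagnostics.Trace.TraceError("Unexpected error during sign-in for '{0}': {1}", username, e);
        SetInvalidGrant(context, "Unable to complete sign-in");
    }
}

/// <summary>
/// Records an <c>invalid_grant</c> failure on the context and sets the OWIN challenge flag header
/// to 401 so the middleware answers Unauthorized. Shared by every rejection path above.
/// </summary>
/// <param name="context">The grant context to fail.</param>
/// <param name="description">Client-visible error description; must not contain internal details.</param>
private static void SetInvalidGrant(OAuthGrantResourceOwnerCredentialsContext context, string description)
{
    context.SetError("invalid_grant", description);
    context.Response.Headers.Add(Constants.OwinChallengeFlag, new[] { ((int)HttpStatusCode.Unauthorized).ToString() });
}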