//check if user account is active. public async Task IsActiveAsync(IsActiveContext context) { try { //get subject from context (set in ResourceOwnerPasswordValidator.ValidateAsync), var userIdClaim = context.Subject.Claims.FirstOrDefault(x => x.Type == "user_id"); var userId = Guid.Parse(userIdClaim.Value); // TODO: try parse instead if (userId != Guid.Empty) { var user = UserPasswordValidator.GetUserProfile(userId); if (user != null) { if (user.IsActive) { context.IsActive = user.IsActive; } } } } catch (Exception ex) { //handle error logging } }
//Get user profile date in terms of claims when calling /connect/userinfo public async Task GetProfileDataAsync(ProfileDataRequestContext context) { try { //depending on the scope accessing the user data. if (!string.IsNullOrEmpty(context.Subject.Identity.Name)) { //get user from db (in my case this is by email) var user = UserPasswordValidator.GetUserProfileByName(context.Subject.Identity.Name); if (user != null) { var claims = UserPasswordValidator.GetUserClaims(user, new string[] { "User", "Manager" }); //set issued claims to return context.IssuedClaims = claims.Where(x => context.RequestedClaimTypes.Contains(x.Type)).ToList(); } } else { //get subject from context (this was set ResourceOwnerPasswordValidator.ValidateAsync), //where and subject was set to my user id. var userIdClaim = context.Subject.Claims.FirstOrDefault(x => x.Type == "sub"); var userId = Guid.Parse(userIdClaim?.Value); // TODO: try parse instead if (userId != Guid.Empty) { //get user from db (find user by user id) var user = UserPasswordValidator.GetUserProfile(userId); // issue the claims for the user if (user != null) { var claims = UserPasswordValidator.GetUserClaims(user, new string[] { "User", "Manager" }); context.IssuedClaims = claims.Where(x => context.RequestedClaimTypes.Contains(x.Type)).ToList(); } } } } catch (Exception ex) { //log your error } }