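            /// <summary>
            /// Handles the OAuth resource-owner password grant: validates the supplied user name and
            /// password against Active Directory, optionally authorizes the user against the SharePoint
            /// site given as the first scope value, and issues a <see cref="ClaimsIdentity"/> populated
            /// from the user's AD principal.
            /// </summary>
            /// <param name="context">OWIN grant context carrying the credentials, scope and response.</param>
            /// <returns>
            /// A completed task. The outcome is reported through <c>context.Validated</c> on success or
            /// <c>context.SetError</c> on failure; nothing is thrown for a rejected login.
            /// </returns>
            public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
            {
                // NOTE(review): a wildcard CORS origin on the token endpoint allows any web origin to
                // submit credentials here; restrict this to the known client origins if possible.
                context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });

                using (var pc = new PrincipalContext(ContextType.Domain, ESPL.AUTHENTICATION.OWINTOKEN.Models.Constants.DomainName))
                {
                    // Validate the credentials against AD. The same generic error is used for every
                    // rejection so a caller cannot tell an unknown account from a wrong password.
                    if (!pc.ValidateCredentials(context.UserName, context.Password))
                    {
                        context.SetError("inactive_user", "User is not valid custom message");
                        return;
                    }

                    // Authorize against the site only when a non-empty site URL was supplied as the
                    // first scope value. Scope may be an empty list, so it is bounds-checked before indexing.
                    int authorizedUserID = 0;
                    string siteUrl = (context.Scope != null && context.Scope.Count > 0) ? context.Scope[0] : null;
                    if (!string.IsNullOrEmpty(siteUrl))
                    {
                        // A user id of 0 means the user has no access to the site.
                        authorizedUserID = AuthorizeUser.GetUserIDFromSPSite(context.UserName, ESPL.AUTHENTICATION.OWINTOKEN.Models.Constants.QualifiedDomainName, siteUrl);
                        if (authorizedUserID == 0)
                        {
                            context.SetError("unauthorized_user", "User is not authorized to access site");
                            return;
                        }
                    }

                    // Read the user's profile from AD. FindByIdentity returns null when no matching
                    // principal exists; previously that surfaced as a NullReferenceException (HTTP 500).
                    using (UserPrincipal userInfoFromAD = UserPrincipal.FindByIdentity(pc, context.UserName))
                    {
                        if (userInfoFromAD == null)
                        {
                            context.SetError("inactive_user", "User is not valid custom message");
                            return;
                        }

                        var identity = new ClaimsIdentity(context.Options.AuthenticationType);
                        // Every profile claim is always present; a missing AD attribute yields an empty value
                        // so token consumers can rely on the claim set being stable.
                        AddClaim(identity, "LoginName", context.UserName);
                        AddClaim(identity, "FirstName", userInfoFromAD.GivenName);
                        AddClaim(identity, "MiddleName", userInfoFromAD.MiddleName);
                        AddClaim(identity, "LastName", userInfoFromAD.Surname);
                        AddClaim(identity, "EmailAddress", userInfoFromAD.EmailAddress);
                        AddClaim(identity, "Telephone", userInfoFromAD.VoiceTelephoneNumber);
                        AddClaim(identity, "EmployeeID", userInfoFromAD.EmployeeId);
                        AddClaim(identity, "UserName", userInfoFromAD.Name);
                        // UserID is only meaningful when a site authorization took place (non-zero id).
                        AddClaim(identity, "UserID", authorizedUserID == 0 ? "" : Convert.ToString(authorizedUserID));
                        AddClaim(identity, ClaimTypes.Name, context.UserName);

                        context.Validated(identity);
                    }
                }
            }

            /// <summary>
            /// Adds a claim of the given type to <paramref name="identity"/>, substituting an empty
            /// string when <paramref name="value"/> is null so the claim is always emitted.
            /// </summary>
            /// <param name="identity">Identity receiving the claim.</param>
            /// <param name="type">Claim type.</param>
            /// <param name="value">Claim value; null is written as an empty string.</param>
            private static void AddClaim(ClaimsIdentity identity, string type, string value)
            {
                identity.AddClaim(new Claim(type, value ?? string.Empty));
            }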