/// <summary>
/// Returns the session object that the session provider holds for the caller,
/// looked up by the user id taken from the current principal.
/// </summary>
/// <returns>An OK result wrapping the session returned by the provider.</returns>
// NOTE(review): no authorization attribute is visible on this action in this excerpt;
// confirm the controller or a global filter requires an authenticated principal.
public IHttpActionResult GetCurrentUserSession()
        {
            var callerId = User.Identity.GetUserId();

            return Ok(_sessionProvider.GetCurrentUserSession(callerId));
        }
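        /// <summary>
        /// Handles the OAuth resource-owner password grant: resolves the tenant named in the
        /// form field <c>tenancyName</c>, verifies the user's credentials inside that tenant,
        /// applies the account, e-mail confirmation and tenant status checks, records the login
        /// attempt, and on success validates the request with a bearer ticket and signs in the
        /// cookie identity.
        /// </summary>
        /// <param name="context">The grant context carrying the request, user name and password.</param>
        /// <returns>A task that completes when the context has been validated or rejected.</returns>
        public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
        {
            const string corsHeaderName = "Access-Control-Allow-Origin";

            // ContainsKey is used instead of scanning with a case-sensitive key comparison:
            // header names are case-insensitive, and a differently-cased existing header
            // would otherwise lead to a second Add for the same header.
            // NOTE(review): a wildcard origin lets script from any site read the token
            // response of this endpoint; prefer echoing only origins from an allow-list.
            if (!context.OwinContext.Response.Headers.ContainsKey(corsHeaderName))
            {
                context.OwinContext.Response.Headers.Add(corsHeaderName, new[] { "*" });
            }

            var form = await context.Request.ReadFormAsync();

            var tenancyName = form["tenancyName"];

            // NOTE(review): both "invalid_company_id" rejections happen before any credential
            // check, so the response tells an unauthenticated caller whether a company id
            // exists, and neither rejection is recorded through SaveLoginAttempt. Consider a
            // uniform error and logging these attempts.
            if (string.IsNullOrWhiteSpace(tenancyName))
            {
                context.SetError("invalid_company_id", "The company id is incorrect");
                return;
            }

            var tenant = await _tenantProvider.GetTenantByNameAsync(tenancyName);

            if (tenant == null)
            {
                context.SetError("invalid_company_id", "The company id is incorrect");
                return;
            }

            var tenantId = tenant.Id;

            var userManager = context.OwinContext.GetUserManager<UserManager>();

            userManager.SetTenantId(tenantId);

            // NOTE(review): no lockout or throttling of repeated failures is visible in this
            // method; confirm it is enforced elsewhere (for example inside FindAsync).
            User user = await userManager.FindAsync(tenantId, context.UserName, context.Password);

            if (user == null)
            {
                context.SetError("invalid_grant", "The user name or password is incorrect.");
                await _tenantProvider.SaveLoginAttempt(false, context.UserName, context.ErrorDescription, null, null, null);

                return;
            }

            // tenancyName is known to be non-blank here. Compare both sides ordinally and
            // case-insensitively: lowering only the stored name rejected every request whose
            // submitted company id contained an upper-case letter, and culture-sensitive
            // lowering is not suitable for identifiers. A null TenantName fails the check.
            if (!string.Equals(user.TenantName, tenancyName, StringComparison.OrdinalIgnoreCase))
            {
                context.SetError("others_tenant_user", "Login failed! You are not the user of current company.");
                await _tenantProvider.SaveLoginAttempt(false, context.UserName, context.ErrorDescription, user.TenantId, user.CompanyId, user.Id);

                return;
            }

            if (!user.IsActive)
            {
                context.SetError("user_inactive", "Login failed! You are not an active user. Please contact with administration.");
                await _tenantProvider.SaveLoginAttempt(false, context.UserName, context.ErrorDescription, user.TenantId, user.CompanyId, user.Id);

                return;
            }

            bool enableEmailConfirmation;

            try
            {
                enableEmailConfirmation = Convert.ToBoolean(ConfigurationManager.AppSettings["Security:IsRequireEmailConfirmation"]);

                if (enableEmailConfirmation)
                {
                    var isEmailConfirmed = await userManager.IsEmailConfirmedAsync(user.Id);

                    if (!isEmailConfirmed)
                    {
                        context.SetError("email_not_confirmed", "Your email is not confirmed.");
                        await _tenantProvider.SaveLoginAttempt(false, context.UserName, context.ErrorDescription, user.TenantId, user.CompanyId, user.Id);

                        return;
                    }
                }
            }
            catch (Exception)
            {
                // Fails closed: any exception in the block above (the setting parse, the
                // confirmation lookup, or the attempt logging) denies the login. The message
                // names only the setting read, so it can be misleading for the other causes.
                context.SetError("app_setting__read_error", "Failed to read email confirmation checking setting value.");
                await _tenantProvider.SaveLoginAttempt(false, context.UserName, context.ErrorDescription, user.TenantId, user.CompanyId, user.Id);

                return;
            }

            if (!tenant.IsActive)
            {
                context.SetError("company_inactive", "Your company is not active yet.");

                // This login is denied, so it is recorded as a failed attempt; it was
                // previously written to the login history as a success.
                await _tenantProvider.SaveLoginAttempt(false, context.UserName, context.ErrorDescription, user.TenantId, user.CompanyId, user.Id);

                return;
            }

            // NOTE(review): the edition is fetched but not used further in this method.
            var edition = await _tenantProvider.GetEditionAsync(tenant.EditionId);

            var session = _sessionProvider.GetCurrentUserSession(user.Id);

            session.Application.IsEnableEmailActivation = enableEmailConfirmation;

            // NOTE(review): local server time is stored; confirm readers of LastLoginTime
            // expect local time rather than UTC.
            user.LastLoginTime = DateTime.Now;
            await userManager.UpdateAsync(user);

            await _tenantProvider.SaveLoginAttempt(true, context.UserName, context.ErrorDescription, user.TenantId, user.CompanyId, user.Id);

            ClaimsIdentity oAuthIdentity = await user.GenerateUserIdentityAsync(userManager,
                                                                                OAuthDefaults.AuthenticationType);

            ClaimsIdentity cookiesIdentity = await user.GenerateUserIdentityAsync(userManager,
                                                                                  CookieAuthenticationDefaults.AuthenticationType);

            // NOTE(review): the roles are fetched but not used further in this method.
            var roles = await userManager.GetRolesAsync(user.Id);

            // The ticket properties are built from the session object alone.
            AuthenticationProperties properties = CreateProperties(session);

            AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, properties);

            context.Validated(ticket);
            context.Request.Context.Authentication.SignIn(cookiesIdentity);
        }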