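/// <summary>
/// First step of the phone login: looks up the identity user by phone number and the
/// employee record by PhoneID + PhoneNumber, and issues a "Phone Code" two-factor token
/// when both exist and the employee is marked as working.
/// </summary>
/// <param name="model">Login data carrying PhoneID and PhoneNumber.</param>
/// <returns>
/// 400 with the model state when the request is missing or invalid, 400 with
/// "Credentials do not match." when no matching active employee/user exists,
/// otherwise 200 with the generated token.
/// </returns>
// NOTE(review): System.Web.Mvc.BindAttribute is an MVC model-binder attribute, while this
// action returns IHttpActionResult (Web API). The Web API binding pipeline is not expected
// to honor it - confirm that "Token" is really excluded from binding.
public async Task<IHttpActionResult> InitiateLogin([System.Web.Mvc.Bind(Exclude = "Token")] LoginDataModel model)
{
    // A missing request body leaves model null while ModelState can still be valid.
    if (model == null || !ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    string token;
    using (ModelNFCZavrsniService db = new ModelNFCZavrsniService())
    {
        // FirstOrDefault instead of First: First() throws on an empty result, which made
        // the null checks below unreachable and turned an unknown phone into a 500.
        IdentityUser user = UserManager.Users
            .FirstOrDefault(x => x.PhoneNumber == model.PhoneNumber);
        Employee employee = db.Employee
            .FirstOrDefault(x => x.PhoneID == model.PhoneID && x.PhoneNumber == model.PhoneNumber);

        if (user == null || employee == null || employee.Working != true)
        {
            return BadRequest("Credentials do not match.");
        }

        token = UserManager.GenerateTwoFactorToken(user.Id, "Phone Code");

        // IMPORTANT: out-of-band delivery of the code is currently disabled.
        //await UserManager.SmsService.SendAsync(new IdentityMessage { Body = $"Your security code is {token}", Destination = user.PhoneNumber });
    }

    // SECURITY NOTE(review): the code is handed back in the HTTP response while the SMS
    // delivery above is commented out. Any caller that supplies a matching
    // PhoneID/PhoneNumber pair receives the code directly, so the later token check does
    // not prove possession of the phone. Before production use, re-enable the SMS delivery
    // and stop returning the token here.
    return Ok(token);
}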
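/// <summary>
/// Second step of the phone login: reads PhoneID, PhoneNumber and Token from the posted
/// form, checks that a working employee and an identity user exist for them, verifies the
/// "Phone Code" two-factor token, and on success validates the OAuth ticket and signs in
/// the cookie identity.
/// </summary>
/// <param name="context">OAuth grant context carrying the request and OWIN environment.</param>
/// <returns>A task that completes once the context has been validated or rejected.</returns>
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
    var userManager = context.OwinContext.GetUserManager<ApplicationUserManager>();
    var data = await context.Request.ReadFormAsync();

    // The form indexer yields null for an absent key; the original called .ToString() on
    // that value, so a request missing any field failed with a NullReferenceException.
    string phoneID = data["PhoneID"];
    string phoneNumber = data["PhoneNumber"];
    string token = data["Token"];

    if (string.IsNullOrEmpty(phoneID) || string.IsNullOrEmpty(phoneNumber) || string.IsNullOrEmpty(token))
    {
        context.SetError("invalid_request", "PhoneID, PhoneNumber and Token are required.");
        return;
    }

    ApplicationUser user;
    using (ModelNFCZavrsniService db = new ModelNFCZavrsniService())
    {
        // FirstOrDefault instead of First: First() throws on an empty result, which made
        // the null checks below unreachable and surfaced unknown devices as a server error.
        Employee employee = db.Employee
            .FirstOrDefault(x => x.PhoneID == phoneID && x.PhoneNumber == phoneNumber);
        user = userManager.Users
            .FirstOrDefault(x => x.PhoneNumber == phoneNumber);

        if (user == null || employee == null || employee.Working != true)
        {
            context.SetError("invalid_grant", "Access not permitted.");
            return;
        }

        // NOTE(review): no failed-attempt counter or lockout is applied in this method;
        // confirm that repeated wrong codes are throttled elsewhere.
        bool tokenIsValid = await userManager.VerifyTwoFactorTokenAsync(user.Id, "Phone Code", token);
        if (!tokenIsValid)
        {
            context.SetError("invalid_grant", "Invalid token.");
            return;
        }
    }

    // Build one identity for the bearer ticket and one for the cookie sign-in.
    ClaimsIdentity oAuthIdentity = await user.GenerateUserIdentityAsync(userManager, OAuthDefaults.AuthenticationType);
    ClaimsIdentity cookiesIdentity = await user.GenerateUserIdentityAsync(userManager, CookieAuthenticationDefaults.AuthenticationType);

    AuthenticationProperties properties = CreateProperties(user.UserName);
    AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, properties);

    context.Validated(ticket);
    context.Request.Context.Authentication.SignIn(cookiesIdentity);
}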