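/// <summary>
/// Handles the OAuth resource-owner password grant: validates the supplied username/password
/// through <see cref="UserAuthentication"/>, loads the user's details by name and, on success,
/// issues an <see cref="AuthenticationTicket"/> whose claims and authentication properties carry
/// the user's id, display name and flags. On failure a <c>ResponseObject</c> describing the error
/// is attached through <c>context.SetCustomError</c> and the grant is rejected.
/// The method performs no asynchronous work; it is <c>async</c> only to satisfy the base signature.
/// </summary>
/// <param name="context">The OWIN resource-owner-credentials grant context.</param>
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
    using (UserAuthentication auth = new UserAuthentication())
    {
        // ValidateUser signals a failed login with the literal string "false" (project convention).
        var validation = auth.ValidateUser(context.UserName, context.Password);
        if (validation == "false")
        {
            RejectWithResponse(context, "Username or password is incorrect");
            return;
        }

        UserModel userResult = IService.GetUserDetailbyName(context.UserName);
        if (userResult == null)
        {
            // Credentials checked out but no profile was returned: fail closed with the same
            // generic message instead of dereferencing null when building the claims below.
            RejectWithResponse(context, "Username or password is incorrect");
            return;
        }

        string userId = userResult.Id.ToString();
        // Claim and CreateProperties both reject a null value, so an absent display name becomes "".
        string displayName = userResult.DisplayName ?? string.Empty;
        string isNgo = userResult.IsNGO.ToString();
        string canEndorse = userResult.CanEndorse.ToString();
        string isAdmin = userResult.IsAdmin.ToString();
        // Culture-sensitive ToString() kept as before; consumers of "LastLoginDate" parse this format — confirm.
        string lastLogin = userResult.LastLoginTime.ToString();

        var identity = new ClaimsIdentity(context.Options.AuthenticationType);
        // NOTE(review): every successfully authenticated user is given the "SuperAdmin" role here,
        // independent of userResult.IsAdmin; any authorization that keys on this role treats all
        // users as super-admins. Kept unchanged pending a decision on the intended role mapping.
        identity.AddClaim(new Claim(ClaimTypes.Role, "SuperAdmin"));
        identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
        identity.AddClaim(new Claim("UserId", userId));
        identity.AddClaim(new Claim("isNGO", isNgo));
        identity.AddClaim(new Claim("canEndorse", canEndorse));
        identity.AddClaim(new Claim("DisplayName", displayName));
        identity.AddClaim(new Claim("isAdmin", isAdmin));
        identity.AddClaim(new Claim("LastLoginDate", lastLogin));

        AuthenticationProperties properties = CreateProperties(
            context.UserName,
            userId,
            displayName,
            isNgo,
            canEndorse,
            isAdmin,
            lastLogin);

        AuthenticationTicket ticket = new AuthenticationTicket(identity, properties);
        context.Validated(ticket);
    }
}

/// <summary>
/// Attaches a <c>ResponseObject</c> carrying <paramref name="message"/> (as both response and
/// exception text) and the attempted username to the context, then rejects the grant.
/// </summary>
/// <param name="context">The grant context being rejected.</param>
/// <param name="message">Error text returned to the client.</param>
private static void RejectWithResponse(OAuthGrantResourceOwnerCredentialsContext context, string message)
{
    ResponseObject obj = new ResponseObject();
    obj.ResponseMsg = message;
    obj.userId = context.UserName;
    obj.ExceptionMsg = message;
    context.SetCustomError(obj);
    context.Rejected();
}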
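/// <summary>
/// Issues a bearer token for the OAuth resource-owner password grant.
/// The client application and company ids are read from the OWIN context under
/// "as:clientAppID" / "as:clientCompanyID" (presumably stored there by the client-validation
/// step — confirm). The company's application licence, the user's credentials, the user's
/// access to the application within the company and the active-user quota are then checked
/// in that order. Every failure is written to both logs and reported to the client via
/// <c>context.SetCustomError</c>; the grant is only validated when all checks pass.
/// The method performs no asynchronous work; it is <c>async</c> only to satisfy the base signature.
/// </summary>
/// <param name="context">The OWIN resource-owner-credentials grant context.</param>
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
    // NOTE: concatenating context.Request uses its ToString(), which may only be the type name;
    // context.Request.Uri was probably intended. Left unchanged so existing log lines stay comparable.
    string function = context.Request + " " + context.Request.Method;

    try
    {
        _Logging.WriteTransactionLog(function, "Token verme işlemi başladı...", Helpers.Messages.ErrorMessageCode.Authorization);

        var appId = context.OwinContext.Get<string>("as:clientAppID");
        var companyId = context.OwinContext.Get<string>("as:clientCompanyID");

        // NOTE(review): a wildcard CORS origin on the token endpoint allows any site to request
        // tokens from a browser; restrict to the known client origins if the deployment permits.
        context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });

        // Parse both ids once. A malformed or missing value surfaces here (FormatException from
        // Convert) and is handled by the catch below, at the same point the original first parsed them.
        int companyIdValue = Convert.ToInt32(companyId);
        int appIdValue = Convert.ToInt32(appId);

        UserProcess up = UserProcess.UserProcessMultiton(connectionHelper);
        CompanyUserProcess cup = CompanyUserProcess.CompanyUserProcessMultiton(connectionHelper);
        CompanyApplicationLicenseProcess calp = CompanyApplicationLicenseProcess.UserTokenProcessMultiton(connectionHelper);

        bool isSuccess = true;
        Users user = null;

        var licenseResult = calp.FindLicenseByCompanyApplicationFunction(companyIdValue, appIdValue);
        if (!licenseResult.Result || licenseResult.Object == null)
        {
            isSuccess = false;
            // This case logs to the application log under Authorization (not UnAuthorized), as before.
            _Logging.WriteTransactionLog(function, "Şirketin uygulama lisans bilgilerine ulaşılamadı.", Helpers.Messages.ErrorMessageCode.UnAuthorized);
            _Logging.WriteApplicationLog(function, "Şirketin uygulama lisans bilgilerine ulaşılamadı.", Helpers.Messages.ErrorMessageCode.Authorization);
            context.SetCustomError("Şirketin uygulama lisans bilgilerine ulaşılamadı.");
        }
        else
        {
            // The licence size is stored encrypted; Decrypt() is a project extension.
            var license = Convert.ToInt32(licenseResult.Object.ApplicationLicenseSize.Decrypt());
            user = up.UserFindFunction(context.UserName, context.Password).Object;

            if (user == null)
            {
                isSuccess = false;
                LogAndRejectGrant(context, function,
                    string.Format("Kullanıcı: {0} veya parola yanlış.", context.UserName),
                    "Kullanıcı adı veya parola yanlış.");
            }
            else if (!cup.CanUseToApplication(user.TabloID, appIdValue, companyIdValue).Result)
            {
                isSuccess = false;
                // NOTE: the log text refers to an application id but is given companyId — verify which id was intended.
                LogAndRejectGrant(context, function,
                    string.Format("{0} kullanıcısının girmek istediği {1} id uygulamasına yetkisi yok.", context.UserName, companyId),
                    "Kullanıcının bu uygulama için yetkisi yok.");
            }
            else if (Constants.Dic.Count >= license)
            {
                isSuccess = false;
                // NOTE: Constants.Dic.Count is a process-wide count, not scoped to appId/companyId — confirm this matches the licence model.
                LogAndRejectGrant(context, function,
                    string.Format("{0} id uygulaması için kullanıcı sayısı dolmuş.", appId),
                    "Aktif kulalnıcı sayısı dolmuş.");
            }
        }

        if (isSuccess)
        {
            var identity = new ClaimsIdentity(context.Options.AuthenticationType);
            identity.AddClaim(new Claim("UserID", user.TabloID.ToString()));
            identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
            // user.AuthorityGroup is dereferenced without a null check; a null group lands in the catch below.
            identity.AddClaim(new Claim(ClaimTypes.Role, user.AuthorityGroup.AuthorityName));

            var props = new AuthenticationProperties(new Dictionary<string, string>
            {
                { "AppId", appId },
                { "CompanyId", companyId },
                { "Username", user.UserFullName },
                { "UserId", user.TabloID.ToString() }
            });

            var ticket = new AuthenticationTicket(identity, props);
            context.Validated(ticket);
            context.Request.Context.Authentication.SignIn(identity);
            _Logging.WriteTransactionLog(function,
                string.Format("[Kullanıcı:{0}] [Uygulama No:{1}] [Şirket No:{2}] => Giriş Başarılı.", user.UserFullName, appId, companyId),
                Helpers.Messages.ErrorMessageCode.Authorization);
        }

        // Finish is only reached on the non-throwing path — presumably intentional; confirm.
        _Logging.WriteTransactionLog(function, "Token verme işlemi tamamlandı.", Helpers.Messages.ErrorMessageCode.Authorization);
        _Logging.Finish(function);
    }
    catch (Exception ex)
    {
        _Logging.WriteApplicationLog(function, ex.Message, Helpers.Messages.ErrorMessageCode.TryCatchMessage);
        // NOTE(review): the raw exception message (including parse/DB failures) is returned to the
        // client; prefer a fixed client-facing message and keep the detail in the log only.
        context.SetCustomError(ex.Message);
    }
}

/// <summary>
/// Records a rejected grant in both the transaction and application logs under
/// <c>UnAuthorized</c> and reports <paramref name="clientMessage"/> to the caller.
/// Callers remain responsible for marking the grant as failed.
/// </summary>
/// <param name="context">The grant context being rejected.</param>
/// <param name="function">Log correlation key for this request.</param>
/// <param name="logMessage">Detailed text written to the logs.</param>
/// <param name="clientMessage">Text returned to the client.</param>
private void LogAndRejectGrant(OAuthGrantResourceOwnerCredentialsContext context, string function, string logMessage, string clientMessage)
{
    _Logging.WriteTransactionLog(function, logMessage, Helpers.Messages.ErrorMessageCode.UnAuthorized);
    _Logging.WriteApplicationLog(function, logMessage, Helpers.Messages.ErrorMessageCode.UnAuthorized);
    context.SetCustomError(clientMessage);
}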