public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context) { context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" }); var identity = new ClaimsIdentity(context.Options.AuthenticationType); identity.AddClaim(new Claim(ClaimTypes.Name, context.ClientId)); using (ActiveDirectoryRepo _repo = new ActiveDirectoryRepo()) { var groups = await _repo.GetUserGroupsAsync("<DOMAIN-NAME>", context.ClientId, "<GROUP-PREFIX>"); //identity.AddClaim(new Claim("sub", context.UserName)); foreach (string name in groups) { identity.AddClaim(new Claim("role", name)); } if (context.ClientId == null) { context.SetError("invalid_grant", "Supplied credentials are not valid"); return; } } context.Validated(identity); }
public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context) { string clientId = string.Empty; string clientSecret = string.Empty; if (!context.TryGetBasicCredentials(out clientId, out clientSecret)) { context.TryGetFormCredentials(out clientId, out clientSecret); } if (clientId == null && clientSecret == null) { context.Rejected(); context.SetError("invalid_client", "Client credentials could not be retrieved"); return; } else { using (ActiveDirectoryRepo _repo = new ActiveDirectoryRepo()) { var usercredentialsAreValid = await _repo.ValidateADcredentialsAsync("<DOMAIN-NAME>", clientId, clientSecret); if (!usercredentialsAreValid) { context.Rejected(); context.SetError("invalid_grant", "The user name or password is incorrect."); return; } else { context.Validated(); } } } }