public async Task <IActionResult> Exchange(AuthConnectRequest request)
{
var user = await _userManager.FindByEmailAsync(request.Username) ?? await _userManager.FindByNameAsync(request.Username);
if (user == null)
{
return(BadRequest(new AuthConnectResponse
{
ErrorDescription = "Please check that your email and password is correct"
}));
}
// Validate the username/password parameters and ensure the account is not locked out.
var result = await _signInManager.CheckPasswordSignInAsync(user, request.Password, true);
// Ensure the user is not already locked out.
if (result.IsLockedOut)
{
return(BadRequest(new AuthConnectResponse
{
ErrorDescription = "The specified user account has been suspended"
}));
}
// Reject the token request if two-factor authentication has been enabled by the user.
if (result.RequiresTwoFactor)
{
return(BadRequest(new AuthConnectResponse
{
ErrorDescription = "Invalid login procedure"
}));
}
// Ensure the user is allowed to sign in.
if (result.IsNotAllowed)
{
return(BadRequest(new AuthConnectResponse
{
ErrorDescription = "The specified user is not allowed to sign in"
}));
}
if (!result.Succeeded)
{
return(BadRequest(new AuthConnectResponse
{
ErrorDescription = "Please check that your email and password is correct"
}));
}
AuthenticationTicket ticket = null;
// Create a new authentication ticket.
ticket = await CreateTicketAsync(request, user);
return(SignIn(ticket.Principal, ticket.Properties, ticket.AuthenticationScheme));
}
private async Task <AuthenticationTicket> CreateTicketAsync(AuthConnectRequest request, ApplicationUser user)
{
// Create a new ClaimsPrincipal containing the claims that
// will be used to create an id_token, a token or a code.
var principal = await _signInManager.CreateUserPrincipalAsync(user);
// Create a new authentication ticket holding the user identity.
var ticket = new AuthenticationTicket(principal, new AuthenticationProperties(), CookieAuthenticationDefaults.AuthenticationScheme);
return(ticket);
}
