Пример #1
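        /// <inheritdoc />
        /// <remarks>
        /// Handles only <c>grant_type=password</c> token requests. The supplied username and
        /// password are checked through <c>_loginProvider.GetUser</c>; on success a ticket with
        /// a fixed resource and fixed scopes is validated, on failure the request is rejected
        /// with <c>invalid_grant</c> and a generic description. Every other grant type is left
        /// to the OpenID Connect server middleware.
        /// </remarks>
        /// <param name="context">The token request context supplied by the middleware.</param>
        /// <returns>An already-completed task; all work is done synchronously.</returns>
        public override Task HandleTokenRequest(HandleTokenRequestContext context)
        {
            // Only handle grant_type=password token requests and let the
            // OpenID Connect server middleware handle the other grant types.
            if (!context.Request.IsPasswordGrantType())
            {
                return Task.CompletedTask;
            }

            UserDto user = null;

            // NetworkCredential is kept from the original code: the values handed to the
            // login provider are whatever it exposes as UserName and Password.
            var credential = new NetworkCredential(context.Request.Username, context.Request.Password);
            try
            {
                user = _loginProvider.GetUser(credential.UserName, credential.Password);
            }
            catch (AuthenticationException)
            {
                // Deliberately not forwarded to the caller: the provider's message may reveal
                // whether the account exists or why the login failed. Record the exception
                // server-side with the project's logger instead (none is visible in this block).
            }

            // Fail closed: a provider that throws and a provider that returns no user are
            // treated the same way, so no ticket is ever issued without an authenticated user.
            if (user == null)
            {
                // RFC 6749 section 5.2: invalid_grant covers invalid resource owner credentials;
                // invalid_client is reserved for failed *client* authentication.
                context.Reject(
                    error: OpenIdConnectConstants.Errors.InvalidGrant,
                    description: "Invalid username or password.");

                return Task.CompletedTask;
            }

            var identity = new ClaimsIdentity();

            // NOTE(review): "[unique identifier]" is a template placeholder. As written, every
            // issued token carries the same subject, so resource servers cannot tell users
            // apart. Replace it with a stable, unique identifier taken from `user` (the members
            // of UserDto are not visible here, so this block cannot pick one).
            identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "[unique identifier]");

            // By default, claims are not serialized in the access and identity tokens.
            // Use the overload taking a "destinations" parameter to make sure
            // your claims are correctly serialized in the appropriate tokens.
            identity.AddClaim("urn:customclaim", "value",
                              OpenIdConnectConstants.Destinations.AccessToken,
                              OpenIdConnectConstants.Destinations.IdentityToken);

            // NOTE(review): the third argument is the authentication scheme of the ticket;
            // "Role" is an unusual value - confirm it matches the scheme the server
            // middleware is registered under.
            var ticket = new AuthenticationTicket(
                new ClaimsPrincipal(identity),
                new AuthenticationProperties(),
                "Role");

            // Call SetResources with the list of resource servers
            // the access token should be issued for.
            ticket.SetResources("resource_server_1");

            // Call SetScopes with the list of scopes you want to grant
            // (specify offline_access to issue a refresh token).
            // NOTE(review): the scopes are granted unconditionally, so a refresh token is
            // issued even when the client did not request offline_access. Consider granting
            // only the subset of requested scopes this client is allowed to receive.
            ticket.SetScopes("profile", "offline_access");

            context.Validate(ticket);

            return Task.CompletedTask;
        }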
Пример #2
        /// <summary>
        /// Returns the profile of the calling user, with its role filled in from the
        /// matching database record when one exists.
        /// </summary>
        /// <returns>An OK result wrapping the populated user profile.</returns>
        public async Task <IHttpActionResult> me()
        {
            // The profile is looked up by the name of the current principal.
            // NOTE(review): nothing here checks that GetUser returned a profile; confirm
            // the provider never returns null, or the query below will fail.
            UTRGVUserProfile user = _loginProvider.GetUser(User.Identity.Name);

            // Find the stored record with the same Cn, if any.
            var matches = db.Users.Where(u => u.Cn == user.Cn);
            var record  = await matches.FirstOrDefaultAsync();

            // NOTE(review): a caller without a database record is given the "Faculty" role
            // by default. If clients or other endpoints make access decisions from this
            // value, confirm that defaulting to a named role (rather than to no role) is
            // intended.
            user.Role = record != null
                ? record.Role.Name
                : "Faculty";

            return Ok(user);
        }