Пример #1
0
 public static IEnumerable <UserPoco> GetUsers()
 {
     return(new List <UserPoco>
     {
         new UserPoco {
             SubjectId = "1",
             Username = "******",
             Password = PasswordGenerator.CreateNew("password", "1111"),
             Salt = "1111",
             Email = "*****@*****.**",
             GivenName = "Bob",
             FamilyName = "the Builder",
             IsActive = true,
             ProviderName = "",
             ProviderSubjectId = "",
             Role = "admin",
             AllowedClients = "Client1;Client2",
             DateCreated = new DateTime().Date,
             DateUpdated = new DateTime().Date,
             CreatedBy = "test",
             UpdatedBy = "test"
         },
         new UserPoco {
             SubjectId = "2",
             Username = "******",
             Password = PasswordGenerator.CreateNew("password", "5555"),
             Salt = "5555",
             Email = "*****@*****.**",
             GivenName = "Alice",
             FamilyName = "Wonderland",
             IsActive = true,
             ProviderName = "",
             ProviderSubjectId = "",
             Role = "employee",
             AllowedClients = "Client1;Client3",
             DateCreated = new DateTime().Date,
             DateUpdated = new DateTime().Date,
             CreatedBy = "test",
             UpdatedBy = "test"
         },
         new UserPoco {
             SubjectId = "3",
             Username = "******",
             Password = PasswordGenerator.CreateNew("password", "6666"),
             Salt = "6666",
             Email = "*****@*****.**",
             GivenName = "George",
             FamilyName = "Jonhson",
             IsActive = true,
             ProviderName = "",
             ProviderSubjectId = "",
             Role = "customer",
             AllowedClients = "Client1;Client2;Client3",
             DateCreated = new DateTime().Date,
             DateUpdated = new DateTime().Date,
             CreatedBy = "test",
             UpdatedBy = "test"
         }
     });
 }
Пример #2
0
        //this is used to validate your user account with provided grant at /connect/token
        public async Task ValidateAsync(ResourceOwnerPasswordValidationContext context)
        {
            try
            {
                //get your user model from db (by username - in my case its email)
                var user = _userStore.GetUser(context.UserName);


                if (user != null)
                {
                    // check if this user can access this client.
                    if (!String.IsNullOrEmpty(user.AllowedClients))
                    {
                        string[] AllowedClients = user.AllowedClients.Split(";");
                        var      cN             = AllowedClients.FirstOrDefault(c => c == context.Request.Client.ClientId);

                        if (cN.Length == 0)
                        {
                            context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, "User is denied Client Access for Client: " + context.Request.Client.ClientId);
                            return;
                        }
                    }
                    else
                    {
                        context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, "User is denied Client Access for Client: " + context.Request.Client.ClientId);
                        return;
                    }



                    //check if password match
                    if (user.Password == PasswordGenerator.CreateNew(context.Password, user.Salt))
                    {
                        //set the result
                        context.Result = new GrantValidationResult(
                            subject: user.SubjectId.ToString(),
                            authenticationMethod: "custom",
                            claims: user.Claims
                            );
                        return;
                    }

                    context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, "Incorrect password");
                    return;
                }

                context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, "User does not exist.");
                return;
            }

            catch (Exception ex)
            {
                context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, "Invalid username or password");
                return; //i added this
            }
        }