public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
try
{
var scop = context.Scope[0].Split(',');
string ip = HttpContext.Current.Request.UserHostAddress;
bool isLogOffUser = bool.Parse(scop[0]);
string token = scop[1];
var allowedOrigin = context.OwinContext.Get <string>("as:clientAllowedOrigin");
if (allowedOrigin == null)
{
allowedOrigin = "*";
}
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { allowedOrigin });
IUserService userService = StructureMap.ObjectFactory.GetInstance <IUserService>();
User user = userService.GetUsers(x => x.Email == context.UserName).FirstOrDefault();
if (user == null)
{
CommonUtility.LoginFailedLog(_userLoginService, ip, context.ClientId);
context.SetError("invalid_grant", "Invalid username and password.");
return;
}
if (!user.IsActive)
{
CommonUtility.LoginFailedLog(_userLoginService, ip, context.ClientId, user.Id);
context.SetError("invalid_grant", "Invalid username and password.");
return;
}
if (user.IsLocked)
{
CommonUtility.LoginFailedLog(_userLoginService, ip, context.ClientId, user.Id);
context.SetError("invalid_grant", "Your account is locked. Please contact system administrator.");
return;
}
if (user.IsSuspended)
{
CommonUtility.LoginFailedLog(_userLoginService, ip, context.ClientId, user.Id);
context.SetError("invalid_grant", "Your account is suspended. Please contact system administrator.");
return;
}
if (user.RoleId != 1)
{
var company = _companyService.GetCompanyById(user.CompanyId);
if (!company.IsActive)
{
CommonUtility.LoginFailedLog(_userLoginService, ip, context.ClientId, user.Id);
context.SetError("invalid_grant", "Invalid username and password.");
return;
}
}
bool isValid = false;
if (scop[2].ToUpper() == "ADMINLOGIN")
{
isValid = user.Password == context.Password ? true : false;
}
else
{
isValid = PasswordHasher.ComparePassword(context.Password, PasswordHasher.CreateByteArray(user.Password), SHA256Managed.Create());
}
if (!isValid)
{
user.InvalidPasswordAttempt = user.InvalidPasswordAttempt + 1;
StructureMap.ObjectFactory.GetInstance <IUserService>().UpdateUser(user);
CommonUtility.LoginFailedLog(_userLoginService, ip, context.ClientId, user.Id);
context.SetError("invalid_grant", "Invalid username and password.");
return;
}
var role = _roleService.GetRoleById(user.RoleId ?? 0);
var identity = new ClaimsIdentity(context.Options.AuthenticationType);
identity.AddClaim(new Claim("sub", context.UserName));
identity.AddClaim(new Claim("UserId", user.Id.ToString()));
identity.AddClaim(new Claim("IPAddress", ip));
identity.AddClaim(new Claim("FirstName", user.FirstName));
identity.AddClaim(new Claim("LastName", user.LastName));
identity.AddClaim(new Claim("UserType", role.UserType.ToString()));
identity.AddClaim(new Claim("RoleId", user.RoleId.ToString()));
identity.AddClaim(new Claim("ClientId", user.CompanyId.ToString()));
identity.AddClaim(new Claim("LabId", user.LabId.ToString()));
var props = new AuthenticationProperties(new Dictionary <string, string>
{
{
"as:client_id", (context.ClientId == null) ? string.Empty : context.ClientId
},
{
"userName", context.UserName
},
{
"UserId", user.Id.ToString()
},
{
"IPAddress", ip
}
,
{
"FirstName", user.FirstName
}
,
{
"LastName", user.LastName
}
,
{
"UserType", role.UserType.ToString()
}
,
{
"RoleId", user.RoleId.ToString()
},
{
"CompanyId", user.CompanyId.ToString()
}
,
{
"LabId", user.LabId.ToString()
}
});
var ticket = new AuthenticationTicket(identity, props);
context.Validated(ticket);
}
catch (Exception ex)
{
context.SetError("invalid_grant", ex.ToString());
}
}
