public async override Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context) {
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });
// TODO Check username and password against database. Investigate possible async repo. Step 6 from http://bitoftech.net/2014/06/01/token-based-authentication-asp-net-web-api-2-owin-asp-net-identity/
using (AuthRepository _repo = new AuthRepository()) {
IdentityUser user = await _repo.FindUser(context.UserName, context.Password);
if (user == null) {
context.SetError("invalid_grant", "The user name or password is incorrect.");
return;
}
}
var identity = new ClaimsIdentity(context.Options.AuthenticationType);
identity.AddClaim(new Claim("sub", context.UserName));
identity.AddClaim(new Claim("role", "user"));
context.Validated(identity);
return;
}
public AccountApiController() {
_repo = new AuthRepository();
}