public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
string userId;
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });
using (AuctionDbRepository repo = new AuctionDbRepository())
{
IdentityUser user = await repo.FindUser(context.UserName, context.Password);
if (user == null)
{
context.SetError("invalid_grant", "The user name or password is incorrect.");
return;
}
userId = user.Id;
}
//Use this in test propose
//using (UserManager<ApplicationUser> manager = new UserManager<ApplicationUser>(new UserStore<ApplicationUser>(new AuctionDb())))
//{
// var ident = manager.Find(context.UserName, context.Password);
// var userIdentity = await manager.CreateIdentityAsync(ident, "Bearer");
// context.Validated(userIdentity);
//}
var identity = new ClaimsIdentity(context.Options.AuthenticationType);
identity.AddClaim(new Claim("userIdString", userId));
identity.AddClaim(new Claim("sub", context.UserName));
identity.AddClaim(new Claim("role", "user"));
context.Validated(identity);
}
public async Task <IHttpActionResult> Login(UserModel userModel)
{
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
ApplicationUser result;
try
{
using (AuctionDbRepository repository = new AuctionDbRepository())
{
result = await repository.FindUser(userModel.Name, userModel.Password);
}
if (result == null)
{
return(NotFound());
}
}
catch (Exception exception)
{
return(NotFound());
}
return(Ok(result.Id));
}