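/// <summary>
/// Handles the resource owner password credentials grant: resolves the user through
/// ASP.NET Identity, checks the supplied password and, on success, validates the
/// request with a principal that describes that user.
/// </summary>
/// <param name="notification">Grant notification carrying the user name, the password and the HTTP context.</param>
/// <returns>A task that completes once the request has been validated or left unvalidated.</returns>
public async override Task GrantResourceOwnerCredentials(
    GrantResourceOwnerCredentialsNotification notification)
{
    var username = notification.UserName;
    var password = notification.Password;

    var userManager = notification
        .HttpContext
        .RequestServices
        .GetRequiredService<UserManager<IdentityUser>>();

    var user = await userManager.FindByNameAsync(username);
    if (user == null)
    {
        // Unknown user name: leave the notification unvalidated, the same outcome
        // as a wrong password, so the two cases are not handled differently here.
        return;
    }

    // NOTE(review): CheckPasswordAsync only compares the password; failed-attempt
    // counting and lockout (AccessFailedAsync / IsLockedOutAsync) are not applied
    // on this path, so consider adding them against password guessing.
    var isValid = await userManager.CheckPasswordAsync(user, password);
    if (!isValid)
    {
        return;
    }

    var identity = new ClaimsIdentity(OpenIdConnectDefaults.AuthenticationScheme);

    // This automatically goes into the token and id_token. It must identify the
    // authenticated account: a constant placeholder here would give every issued
    // token the same subject.
    identity.AddClaim(ClaimTypes.NameIdentifier, user.Id);

    // The other claims require explicit destinations.
    identity.AddClaim(ClaimTypes.Name, username, "token id_token");

    // NOTE(review): "Doe" is a hard-coded sample value, not data about this user;
    // replace it with a real profile field or drop the claim.
    identity.AddClaim(ClaimTypes.Surname, "Doe", "token id_token");

    var principal = new ClaimsPrincipal(identity);
    notification.Validated(principal);
}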
/// <summary>
/// Handles the resource owner password credentials grant. When
/// UserAuthenticatedSimple accepts the request, a ticket is built from the user
/// name and the role it reported and the notification is validated with it;
/// otherwise the notification is left unvalidated.
/// </summary>
/// <param name="notification">Grant notification carrying the user name, password and client id.</param>
public override async Task GrantResourceOwnerCredentials(GrantResourceOwnerCredentialsNotification notification)
{
    string roleType;
    if (UserAuthenticatedSimple(notification, out roleType))
    {
        // The subject is the user name exactly as the client sent it; the role
        // is whatever UserAuthenticatedSimple assigned.
        var claims = new ClaimsIdentity(OpenIdConnectDefaults.AuthenticationScheme);
        claims.AddClaim(new Claim(ClaimTypes.NameIdentifier, notification.UserName));
        claims.AddClaim(new Claim(ClaimTypes.Role, roleType));

        // Metadata handed on to the refresh token provider.
        // NOTE(review): the client id is copied from the request as-is; whether
        // the client was authenticated is not visible in this method - confirm
        // that before anything downstream trusts "as:client_id".
        var metadata = new Dictionary<string, string>();
        metadata.Add("as:client_id", notification.ClientId);
        metadata.Add("userName", notification.UserName);

        var ticket = new AuthenticationTicket(
            new ClaimsPrincipal(claims),
            new AuthenticationProperties(metadata),
            OpenIdConnectDefaults.AuthenticationScheme);

        notification.Validated(ticket);
    }
}
/// <summary>
/// Handles the resource owner password credentials grant: looks the user up by
/// name through ASP.NET Identity, checks the password and, when it matches,
/// validates the request with a principal built from the stored user record.
/// </summary>
/// <param name="notification">Grant notification carrying the user name, the password and the HTTP context.</param>
public async override Task GrantResourceOwnerCredentials(GrantResourceOwnerCredentialsNotification notification)
{
    var manager = notification.HttpContext.RequestServices
        .GetRequiredService<UserManager<ApplicationUser>>();

    var account = await manager.FindByNameAsync(notification.UserName);

    // NOTE(review): CheckPasswordAsync only compares the password; lockout and
    // failed-attempt counting are not applied on this path - consider adding
    // them against password guessing.
    var passwordMatches = await manager.CheckPasswordAsync(account, notification.Password);
    if (!passwordMatches)
    {
        // Nothing is validated for a bad user name or password.
        return;
    }

    var claims = new ClaimsIdentity(OpenIdConnectDefaults.AuthenticationScheme);

    // Goes into both the token and the id_token without an explicit destination.
    // NOTE(review): the subject is the user name; if user names can be changed
    // or reused, a stable account id would be the safer subject - confirm.
    claims.AddClaim(ClaimTypes.NameIdentifier, account.UserName);

    // Profile claims are only emitted to the destinations listed here.
    claims.AddClaim(ClaimTypes.Name, account.FirstName, "token id_token");
    claims.AddClaim(ClaimTypes.Surname, account.LastName, "token id_token");

    notification.Validated(new ClaimsPrincipal(claims));
}
/// <summary>
/// Validates every resource owner password credentials grant with a fixed
/// placeholder identity.
/// </summary>
/// <remarks>
/// NOTE(review): the user name and password on the notification are never read,
/// so any request is accepted and every token carries the subject "todo". This
/// is a stub; it needs a real credential check before use outside a sample.
/// </remarks>
/// <param name="notification">Grant notification to validate.</param>
/// <returns>An already-completed task.</returns>
public override Task GrantResourceOwnerCredentials(
    GrantResourceOwnerCredentialsNotification notification)
{
    var claims = new ClaimsIdentity(OpenIdConnectDefaults.AuthenticationScheme);
    claims.AddClaim(ClaimTypes.NameIdentifier, "todo");

    notification.Validated(new ClaimsPrincipal(claims));

    return Task.FromResult<object>(null);
}
/// <summary>
/// Validates every resource owner password credentials grant with a fixed
/// placeholder identity plus one custom claim.
/// </summary>
/// <remarks>
/// NOTE(review): the user name and password on the notification are never read,
/// so any request is accepted and every token carries the subject "todo". This
/// is a stub; it needs a real credential check before use outside a sample.
/// </remarks>
/// <param name="notification">Grant notification to validate.</param>
/// <returns>An already-completed task.</returns>
public override Task GrantResourceOwnerCredentials(
    GrantResourceOwnerCredentialsNotification notification)
{
    var claims = new ClaimsIdentity(OpenIdConnectDefaults.AuthenticationScheme);
    claims.AddClaim(ClaimTypes.NameIdentifier, "todo");

    // Claims are not serialized into the access and identity tokens by default;
    // the overload with a "destination" argument names the tokens that should
    // carry the claim. Only list a token that really needs the value.
    claims.AddClaim("urn:customclaim", "value", "token id_token");

    notification.Validated(new ClaimsPrincipal(claims));

    return Task.FromResult<object>(null);
}
/// <summary>
/// Checks the user name and password on the notification against a fixed,
/// in-code table of accounts and reports the role of the matching account.
/// </summary>
/// <remarks>
/// NOTE(review): the credentials are hard-coded in source and compared as plain
/// text, two of the three accounts map to "admin", and the account named
/// "revoked" is accepted like any other. This is sample-only; replace it with a
/// user store that keeps salted password hashes before real use.
/// </remarks>
/// <param name="notification">Grant notification carrying the user name and password.</param>
/// <param name="roleType">"admin" or "user" on success; null when nothing matches.</param>
/// <returns>True when the pair matches one of the built-in accounts.</returns>
private bool UserAuthenticatedSimple(GrantResourceOwnerCredentialsNotification notification, out string roleType)
{
    var name = notification.UserName;
    var secret = notification.Password;

    if ((name == "sharpiro" && secret == "password") ||
        (name == "revoked" && secret == "revoked"))
    {
        roleType = "admin";
    }
    else if (name == "guest" && secret == "password")
    {
        roleType = "user";
    }
    else
    {
        roleType = null;
    }

    return roleType != null;
}
/// <summary>
/// Matches the supplied user name and password against three accounts defined
/// directly in code and returns the role assigned to the matching one.
/// </summary>
/// <remarks>
/// NOTE(review): hard-coded plain-text credentials, including two accounts that
/// receive the "admin" role. Anyone who can read the source or the compiled
/// assembly can read them. Keep this to samples; a deployed provider should
/// verify against hashed credentials in a user store.
/// </remarks>
/// <param name="notification">Grant notification carrying the user name and password.</param>
/// <param name="roleType">Role of the matched account, or null when there is no match.</param>
/// <returns>True when one of the built-in accounts matched, false otherwise.</returns>
private bool UserAuthenticatedSimple(GrantResourceOwnerCredentialsNotification notification, out string roleType)
{
    var user = notification.UserName;
    var pass = notification.Password;

    bool isAdmin = (user == "sharpiro" && pass == "password")
                || (user == "revoked" && pass == "revoked");
    bool isGuest = user == "guest" && pass == "password";

    // Admin accounts take precedence; the account names are distinct, so at
    // most one of the two flags can be set.
    roleType = isAdmin ? "admin" : (isGuest ? "user" : null);
    return isAdmin || isGuest;
}
/// <summary>
/// Handles the resource owner password credentials grant: asks
/// UserAuthenticatedSimple whether the credentials are accepted and, if so,
/// validates the notification with a ticket holding the user name, the role and
/// metadata for the refresh token provider.
/// </summary>
/// <param name="notification">Grant notification carrying the user name, password and client id.</param>
public override async Task GrantResourceOwnerCredentials(GrantResourceOwnerCredentialsNotification notification)
{
    string roleType;
    bool accepted = UserAuthenticatedSimple(notification, out roleType);
    if (!accepted)
    {
        // Rejected credentials: the notification is left unvalidated.
        return;
    }

    // Identity: subject is the client-supplied user name, the role comes from
    // UserAuthenticatedSimple.
    var subject = new Claim(ClaimTypes.NameIdentifier, notification.UserName);
    var role = new Claim(ClaimTypes.Role, roleType);
    var identity = new ClaimsIdentity(OpenIdConnectDefaults.AuthenticationScheme);
    identity.AddClaim(subject);
    identity.AddClaim(role);

    // Metadata passed on to the refresh token provider.
    // NOTE(review): ClientId is taken from the request unchanged; this method
    // does not show whether the client was authenticated - confirm before a
    // refresh flow relies on "as:client_id".
    var items = new Dictionary<string, string>();
    items.Add("as:client_id", notification.ClientId);
    items.Add("userName", notification.UserName);
    var props = new AuthenticationProperties(items);

    var ticket = new AuthenticationTicket(
        new ClaimsPrincipal(identity),
        props,
        OpenIdConnectDefaults.AuthenticationScheme);
    notification.Validated(ticket);
}