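/// <summary>
/// Handles the OAuth2 resource-owner password grant for app clients.
/// The client record and the app login mode are read from the OWIN environment
/// (keys "jytOAuth2:client" and "AppLoginModel"). For <c>AppLoginMode.smscode</c> the
/// password field carries a one-time SMS code, which is checked before the account is
/// looked up; other modes validate the supplied password. A user name with no account
/// yet is registered on the spot with the default account password.
/// </summary>
/// <param name="context">The grant context. On success <c>Validated</c> is called with the
/// issued ticket; on any failed check <c>SetError</c> is called and the method returns.</param>
/// <returns>A task that completes when the grant has been accepted or rejected.</returns>
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
    var userName = context.UserName;
    var password = context.Password;
    var client = context.OwinContext.Get<AppClientRecord>("jytOAuth2:client");
    var loginMode = context.OwinContext.Get<string>("AppLoginModel");

    // The client record is expected to have been stored in the OWIN environment by the
    // client-validation step; without it neither the CORS origin nor the grant can be decided.
    if (client == null)
    {
        context.SetError("invalid_client", "客户端未通过验证");
        return;
    }

    AddAllowOriginHeader(context, client);

    if (client.AllowedGrant != OAuth2Grant.Password)
    {
        context.SetError("invalid_grant", "客户端的密码凭据没有被授予访问");
        Logger.Warning("用户{0},没有被授于密码凭据访问,登录失败", userName);
        return;
    }

    // Every rejected check below returns immediately. Microsoft.Owin's
    // BaseValidatingContext.Validated() clears the error state set by SetError, so reaching
    // context.Validated(ticket) after a failed check would still issue a token.
    if (String.IsNullOrWhiteSpace(userName) || String.IsNullOrWhiteSpace(password))
    {
        context.SetError("invalid_grant", "用户名和密码必须填写");
        return;
    }

    // Enum members are lower-case, so the mode string is lower-cased before parsing;
    // a missing or unknown mode is reported as a grant error instead of throwing.
    AppLoginMode appLoginWay;
    if (loginMode == null || !Enum.TryParse(loginMode.ToLowerInvariant(), out appLoginWay))
    {
        context.SetError("invalid_grant", "登录方式无效");
        return;
    }

    // For SMS login the password field carries the one-time code; it must be verified
    // before any account is looked up or created.
    if (appLoginWay == AppLoginMode.smscode)
    {
        var codeIsValid = await _securityCodeService.CheckCode(userName, Constant.SmsTypeForLogin, password, true);
        if (!codeIsValid)
        {
            context.SetError("invalid_grant", "验证码不正确或已过期");
            Logger.Warning("用户{0},从APP登录失败,登录方式:{1}.", userName, loginMode);
            return;
        }
    }

    var membership = _orchardServices.WorkContext.Resolve<IMembershipService>();
    var user = membership.GetUser(userName);
    if (user == null)
    {
        // First login from the app: register the account under "<userName>|<loginMode>"
        // with the shared default password.
        // NOTE(review): in non-SMS modes this registers an unknown user name without
        // checking the supplied password — confirm only third-party login modes reach here.
        user = membership.CreateUser(new CreateUserParams(string.Join("|", userName, loginMode), Constant.DefaultAccountPassword, null, null, null, true));
        if (user == null)
        {
            // Never continue into ticket creation without a user to reference.
            context.SetError("invalid_grant", "创建账户失败");
            Logger.Warning("用户{0},从APP登录失败,登录方式:{1}.", userName, loginMode);
            return;
        }
        _accountEventHandler.CreateAccountForUser(user, loginMode);
    }
    else
    {
        // SMS-code accounts are backed by the default password; other modes use the
        // credential the caller supplied.
        // NOTE(review): the shared default password means every SMS-created account also
        // accepts that password through the password login mode — confirm this is intended.
        var credential = appLoginWay == AppLoginMode.smscode ? Constant.DefaultAccountPassword : password;
        user = membership.ValidateUser(userName, credential);
        if (user == null)
        {
            context.SetError("invalid_grant", "用户名或密码不正确");
            Logger.Warning("用户{0},从APP登录失败,登录方式:{1}.", userName, loginMode);
            return;
        }

        _accountEventHandler.LoggedIn(user);
        _accountEventHandler.UpdateLoginMode(user.Id, loginMode);
    }

    var oAuthIdentity = new ClaimsIdentity(OAuthDefaults.AuthenticationType);
    oAuthIdentity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
    oAuthIdentity.AddClaim(new Claim(ClaimTypes.PrimarySid, user.Id.ToString()));
    oAuthIdentity.AddClaim(new Claim("SettingName", _orchardServices.WorkContext.Resolve<ShellSettings>().Name));
    var properties = CreateProperties(user, context);
    var ticket = new AuthenticationTicket(oAuthIdentity, properties);

    Logger.Information("用户{0}从APP登录成功", userName);
    context.Validated(ticket);
}

/// <summary>
/// Adds the Access-Control-Allow-Origin header for the token response.
/// An empty <c>AllowedOrigin</c> on the client record means any origin is allowed.
/// </summary>
/// <param name="context">The grant context whose response receives the header.</param>
/// <param name="client">The client record that was stored by client validation.</param>
private static void AddAllowOriginHeader(OAuthGrantResourceOwnerCredentialsContext context, AppClientRecord client)
{
    // NOTE(review): "*" lets any web origin read the token response for this client —
    // confirm that clients without an AllowedOrigin are meant to be public.
    var origin = string.IsNullOrEmpty(client.AllowedOrigin) ? "*" : client.AllowedOrigin;
    context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { origin });
}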