/// <summary>
/// Checks a resource owner's username and password against the authorization server's user
/// database for the resource owner password credential grant.
/// The interface contract expects an approved check to leave an authorization entry behind so that
/// later calls to <see cref="IsAuthorizationValid" /> return <c>true</c>.
/// </summary>
/// <remarks>
/// Approval requires, in this order: the client named by the request exists, the user exists,
/// the requested scope is valid, and the password verifies. Any failure yields an unapproved
/// response with a <c>null</c> username, so the caller cannot tell which check failed.
/// NOTE(review): nothing in this body records an authorization entry; confirm where that happens.
/// NOTE(review): no throttling, lockout or audit logging is done here (see the TODO below);
/// confirm that repeated failures are limited elsewhere.
/// </remarks>
/// <param name="userName">Username on the account.</param>
/// <param name="password">The user's password.</param>
/// <param name="accessRequest">
/// The access request the credentials came with. Its client identifier and scope take part in
/// the decision, so policy can depend on the client making the request.
/// </param>
/// <returns>A value that describes the result of the authorization check.</returns>
/// <exception cref="NotSupportedException">
/// May be thrown if the authorization server does not support the resource owner password
/// credential grant type.
/// </exception>
public AutomatedUserAuthorizationCheckResponse CheckAuthorizeResourceOwnerCredentialGrant(string userName, string password, IAccessTokenRequest accessRequest)
{
    Guard.NotNullOrEmpty(() => userName, userName);
    Guard.NotNullOrEmpty(() => password, password);
    Guard.NotNull(() => accessRequest, accessRequest);

    bool approved = false;

    // The user store is consulted only for requests from a known client.
    if (IsClientExist(accessRequest.ClientIdentifier))
    {
        IUserAuthInfo account = UserAccountStore.GetUserAuthInfo(userName);

        // Short-circuit order matters: the password is verified last, and only for an existing
        // user with a valid scope.
        // NOTE(review): if VerifyPassword is deliberately slow, response time may differ between
        // known and unknown usernames; confirm whether that matters for this deployment.
        approved = account != null
            && IsValidScope(accessRequest)
            && account.VerifyPassword(password);
    }

    // TODO: audit the outcome: a passed authentication when approved is true, a failed one
    // otherwise. The audit record must not contain the password.

    // The username is echoed back only on approval.
    string authorizedUser = approved ? userName : null;
    return new AutomatedUserAuthorizationCheckResponse(accessRequest, approved, authorizedUser);
}
/// <summary>
/// Looks up the authentication record for a username in <c>UserAccountStore</c>.
/// </summary>
/// <param name="username">Username to look up; passed to the store unchanged.</param>
/// <returns>
/// Whatever the store returns. The credential check in this file treats a <c>null</c> result
/// from the same store call as "no such user", so callers should handle <c>null</c>.
/// </returns>
private IUserAuthInfo GetUserAuthInfo(string username)
{
    // No validation or normalisation here; the store decides how usernames are matched.
    IUserAuthInfo authInfo = UserAccountStore.GetUserAuthInfo(username);
    return authInfo;
}