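/// <summary>
/// Handles the OAuth resource-owner password grant: looks the submitted
/// username and password up through <c>AuthorizationRepository</c> and, when a
/// user comes back, validates the request with a ticket that carries the
/// name claim, the role claim and a "username" property.
/// </summary>
/// <param name="context">Grant context that supplies the submitted credentials and receives the outcome.</param>
/// <returns>A task that completes once the context has been validated or rejected.</returns>
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
    // NOTE(review): "*" lets script running on any origin read this endpoint's
    // responses, which on success is the token response. Prefer returning only
    // origins from a configured allow-list; left unchanged because no such
    // list is visible in this block.
    context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });

    // A request that omits either field may arrive here with a null value.
    // Reject it with the same error as a failed lookup rather than depending
    // on how FindUser treats null (its implementation is not visible here).
    if (context.UserName == null || context.Password == null)
    {
        context.SetError("invalid_grant", "username or password is incorrect");
        return;
    }

    using (var authRepository = new AuthorizationRepository())
    {
        var user = await authRepository.FindUser(context.UserName, context.Password);
        if (user == null)
        {
            // A single message covers both causes, so the response does not
            // say which of the two fields was wrong.
            context.SetError("invalid_grant", "username or password is incorrect");
            return;
        }

        // NOTE(review): no lockout or throttling of repeated failures is
        // visible in this method; confirm FindUser or upstream middleware
        // provides it.

        // The identity is created with the server's configured authentication type.
        var identity = new ClaimsIdentity(context.Options.AuthenticationType);

        // NOTE(review): the name claim is the request-supplied string, not a
        // value read back from the stored user; confirm downstream code does
        // not depend on canonical casing.
        identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));

        // Every account authenticated here receives the same fixed role.
        identity.AddClaim(new Claim(ClaimTypes.Role, "user"));

        // Extra ticket property carrying the user's ChirpName.
        var props = new AuthenticationProperties(new Dictionary<string, string>
        {
            { "username", user.ChirpName }
        });

        context.Validated(new AuthenticationTicket(identity, props));
    }
}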
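/// <summary>
/// Handles the OAuth resource-owner password grant: checks the submitted
/// username and password through <c>AuthorizationRepository</c> and, when a
/// user is found, validates the request with an identity holding a name
/// claim and a role claim.
/// </summary>
/// <param name="context">Grant context that supplies the submitted credentials and receives the outcome.</param>
/// <returns>A task that completes once the context has been validated or rejected.</returns>
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
    // CORS header for the token endpoint.
    // NOTE(review): the wildcard allows script from any origin to read the
    // response. Restricting it to a configured set of trusted origins is the
    // safer setting; kept as written because no origin list is visible here.
    context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });

    // Missing form fields may show up as null. Fail the grant here with the
    // usual error instead of passing null to FindUser, whose handling of null
    // cannot be seen from this block.
    if (context.UserName == null || context.Password == null)
    {
        context.SetError("invalid_grant", "username or password is incorrect");
        return;
    }

    // Look the user up by username and password in the authorization repository.
    using (var authorizationRepository = new AuthorizationRepository())
    {
        var user = await authorizationRepository.FindUser(context.UserName, context.Password);

        // No match: report one generic error that does not distinguish an
        // unknown username from a wrong password.
        if (user == null)
        {
            context.SetError("invalid_grant", "username or password is incorrect");
            return;
        }

        // NOTE(review): nothing in this method limits repeated failed
        // attempts; confirm lockout or throttling exists elsewhere.

        // Build the identity with the configured authentication type, then
        // attach the name and role claims.
        var identity = new ClaimsIdentity(context.Options.AuthenticationType);

        // NOTE(review): the name comes from the request, not from the stored
        // user record; verify that is intended.
        identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
        identity.AddClaim(new Claim(ClaimTypes.Role, "user"));

        context.Validated(identity);
    }
}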
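/// <summary>
/// Handles the OAuth resource-owner password grant. The submitted username
/// and password are passed to <c>AuthorizationRepository.FindUser</c>; a null
/// result rejects the request with <c>invalid_grant</c>, otherwise the request
/// is validated with an identity carrying a name claim and the "user" role.
/// </summary>
/// <param name="context">Grant context that supplies the submitted credentials and receives the outcome.</param>
/// <returns>A task that completes once the context has been validated or rejected.</returns>
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
    // NOTE(review): a wildcard Access-Control-Allow-Origin means a page on any
    // origin can call this endpoint from script and read what it returns.
    // An explicit allow-list of trusted origins is preferable; not changed
    // here because this block shows no configuration to draw one from.
    context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });

    // Guard against a request that left out username or password: either may
    // be null at this point. Answer with the same error as a failed lookup so
    // the outcome does not depend on FindUser's behaviour for null arguments
    // (not visible in this block).
    if (context.UserName == null || context.Password == null)
    {
        context.SetError("invalid_grant", "username or password is incorrect");
        return;
    }

    using (var authRepository = new AuthorizationRepository())
    {
        var user = await authRepository.FindUser(context.UserName, context.Password);
        if (user == null)
        {
            // Same wording for either cause; the caller is not told which
            // field failed.
            context.SetError("invalid_grant", "username or password is incorrect");
            return;
        }

        // NOTE(review): failed attempts are not counted or delayed in this
        // method; confirm the repository or hosting pipeline handles that.

        var identity = new ClaimsIdentity(context.Options.AuthenticationType);

        // NOTE(review): the name claim uses the value sent by the client, not
        // one read from the returned user object; confirm this is deliberate.
        identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));

        // All authenticated accounts are given the fixed "user" role.
        identity.AddClaim(new Claim(ClaimTypes.Role, "user"));

        context.Validated(identity);
    }
}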