/// <summary>
/// Looks up a web user by username and checks the supplied password against it.
/// </summary>
/// <param name="username">Username to look up in <c>WebUsers</c>.</param>
/// <param name="password">Password passed to <c>WebUser.PasswordIsValid</c> together with the <c>hashing</c> member.</param>
/// <returns>
/// The matching <c>WebUser</c> when the password is accepted; otherwise <c>null</c>.
/// Unknown usernames and wrong passwords both yield <c>null</c>, so the return
/// value alone does not tell the caller which of the two happened.
/// </returns>
/// <remarks>
/// <c>SingleOrDefault</c> throws <c>InvalidOperationException</c> if more than one row matches the username.
/// </remarks>
public WebUser ValidateUser(string username, string password)
{
    using (var context = new StsContext())
    {
        var candidate = context.WebUsers.SingleOrDefault(u => u.Username == username);

        // NOTE(review): when no row matches, the method returns without calling
        // PasswordIsValid, so the unknown-user path presumably does less work than the
        // wrong-password path. Confirm whether that timing difference matters here.
        // NOTE(review): no failed-attempt counting or lockout is visible in this method;
        // verify that throttling is applied by the caller or elsewhere.
        if (candidate == null || !candidate.PasswordIsValid(password, hashing))
        {
            return null;
        }

        return candidate;
    }
}
/// <summary>
/// Builds the claims identity to be placed in the issued token for the authenticated principal.
/// </summary>
/// <param name="principal">Authenticated caller; its <c>Identity.Name</c> is used to load the user record.</param>
/// <param name="request">Token request; each entry in <c>request.Claims</c> is offered to <c>GetValueForClaimRequest</c>.</param>
/// <param name="scope">Not read by this method.</param>
/// <returns>
/// An identity holding every requested claim for which <c>GetValueForClaimRequest</c> returned a
/// non-null value, plus a Name claim and a Role claim taken from the user record when the
/// requested claims did not already produce them.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="principal"/> is <c>null</c>.</exception>
/// <remarks>
/// <c>Single</c> throws <c>InvalidOperationException</c> when zero or more than one user row matches the principal's name.
/// </remarks>
protected override IClaimsIdentity GetOutputClaimsIdentity(IClaimsPrincipal principal, RequestSecurityToken request, Scope scope)
{
    if (principal == null)
    {
        throw new ArgumentNullException("principal");
    }

    var issued = new ClaimsIdentity();
    var accountName = principal.Identity.Name;

    using (var context = new StsContext())
    {
        var account = context.WebUsers.Single(u => u.Username == accountName);

        // The set of claim types considered here is driven by the incoming request.
        // NOTE(review): which types may actually be released is decided inside
        // GetValueForClaimRequest (not visible here); confirm that it only answers
        // for an explicit allow-list of claim types.
        foreach (var requested in request.Claims)
        {
            var claimValue = GetValueForClaimRequest(requested, account);
            if (claimValue == null)
            {
                continue;
            }

            issued.Claims.Add(new Claim(requested.ClaimType, claimValue));
        }

        // Name and Role are added from the user record unless the loop above already emitted them.
        if (!issued.Claims.Any(c => c.ClaimType == Security.ClaimTypes.Name))
        {
            issued.Claims.Add(new Claim(Security.ClaimTypes.Name, account.Username));
        }

        // NOTE(review): account.Role is passed through unchecked; confirm that it cannot be null
        // for a stored user, and that a Role value produced by the loop above cannot differ from it.
        if (!issued.Claims.Any(c => c.ClaimType == Security.ClaimTypes.Role))
        {
            issued.Claims.Add(new Claim(Security.ClaimTypes.Role, account.Role));
        }
    }

    return issued;
}