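/// <summary>
/// Validates a resource-owner-password grant: looks the user up by login name and
/// compares the submitted password with the stored value, then sets <c>context.Result</c>.
/// </summary>
/// <param name="context">The grant validation context; its <c>Result</c> is always assigned before returning.</param>
/// <exception cref="ArgumentNullException"><paramref name="context"/> is <c>null</c>.</exception>
public async Task ValidateAsync(ResourceOwnerPasswordValidationContext context)
{
    if (context is null)
    {
        throw new ArgumentNullException(nameof(context));
    }

    // A single message for every failure path: distinct "user does not exist" and
    // "incorrect password" responses let a client enumerate valid login names.
    const string FailureMessage = "Invalid username or password";

    try
    {
        // The user model is keyed by login name (an e-mail address in this deployment).
        ApplicationUser user = await _uof.Query<ApplicationUser>()
            .FirstOrDefaultAsync(o => o.LoginName == context.UserName);

        // Ordinal, null-safe comparison of the stored value against the submitted password.
        // TODO(review): if the store holds a password hash rather than the plaintext, this must
        // verify through the hashing algorithm instead of comparing the strings for equality.
        if (user != null && string.Equals(user.Password, context.Password, StringComparison.Ordinal))
        {
            context.Result = new GrantValidationResult(
                subject: user.Id.ToString(),
                authenticationMethod: "custom",
                claims: ProfileService.GetUserClaims(user));
            return;
        }

        context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, FailureMessage);
    }
    catch (Exception)
    {
        // NOTE(review): an infrastructure failure (e.g. the query throwing) is reported to the
        // client as a credential failure; consider logging and rethrowing once a logger is available.
        context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, FailureMessage);
    }
}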
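/// <summary>
/// Signs the given user in on the current context using the user's profile claims,
/// optionally adding an authentication-method claim.
/// </summary>
/// <param name="user">The user to sign in; must not be <c>null</c>.</param>
/// <param name="properties">Authentication properties; a fresh empty instance is used when <c>null</c>.</param>
/// <param name="authenticationMethod">When non-<c>null</c>, added as a <see cref="ClaimTypes.AuthenticationMethod"/> claim.</param>
/// <exception cref="ArgumentNullException"><paramref name="user"/> is <c>null</c>.</exception>
public async Task SignInAsync(ApplicationUser user, AuthenticationProperties properties = null, string authenticationMethod = null)
{
    // Fail with a clear argument error instead of a NullReferenceException from the claims lookup.
    if (user is null)
    {
        throw new ArgumentNullException(nameof(user));
    }

    var claims = new List<Claim>(ProfileService.GetUserClaims(user));

    if (authenticationMethod != null)
    {
        claims.Add(new Claim(ClaimTypes.AuthenticationMethod, authenticationMethod));
    }

    await Context.SignInAsync(
        user.Id.ToString(),
        user.LoginName,
        properties ?? new AuthenticationProperties(),
        claims.ToArray());
}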