public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context) { //allow CORS specfically for OAuth and Authenticate context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" }); //Find User Base on Username and Password in Auth Repository using (var authorizationRepository = new AuthorizationRepository()) { var user = await authorizationRepository.FindUser(context.UserName, context.Password); //throw error if no user found if (user == null) { context.SetError("invalid_grant", "username or password is incorrect"); } else { // creat a token and add some claims var token = new ClaimsIdentity(context.Options.AuthenticationType); token.AddClaim(new Claim(ClaimTypes.Name, context.UserName)); token.AddClaim(new Claim(ClaimTypes.Role, "user")); context.Validated(token); } } }
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context) { //allow CORS specfically for OAuth and Authenticate context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" }); //Find User Base on Username and Password in Auth Repository using (var authorizationRepository = new AuthorizationRepository()) { var user = await authorizationRepository.FindUser(context.UserName, context.Password); //throw error if no user found if (user == null ) { context.SetError("invalid_grant", "username or password is incorrect"); } else { // creat a token and add some claims var token = new ClaimsIdentity(context.Options.AuthenticationType); token.AddClaim(new Claim(ClaimTypes.Name, context.UserName)); token.AddClaim(new Claim(ClaimTypes.Role, "user")); context.Validated(token); } } }