private async Task<JObject> GenerateLocalAccessTokenResponse(string userName) { var tokenExpiration = TimeSpan.FromDays(1); ApplicationUser user = await UserManager.FindByNameAsync(userName); if (user == null || user.IsActive == false) { return null; } var _roles = await UserManager.GetRolesAsync(user.Id); ClaimsIdentity oAuthIdentity = await user.GenerateUserIdentityAsync(UserManager, OAuthDefaults.AuthenticationType); oAuthIdentity.AddClaim(new Claim(ClaimTypes.Name, userName)); oAuthIdentity.AddClaim(new Claim("sub", userName)); if (_roles.Contains(IdentityConstants.Roles.Administrator)) { oAuthIdentity.AddClaim(new Claim("role", IdentityConstants.Roles.Administrator)); } var props = new AuthenticationProperties() { IssuedUtc = DateTime.UtcNow, ExpiresUtc = DateTime.UtcNow.Add(tokenExpiration), }; var ticket = new AuthenticationTicket(oAuthIdentity, props); var accessToken = Startup.OAuthBearerOptions.AccessTokenFormat.Protect(ticket); /* If not external user for e.g. social logins (Google, Facebook etc) Then display is the combination of First & Last Name **/ if (user.Logins.Count == 0) { var person = new RegistrationController().GetPerson(user.UserName); user.DisplayName = person != null ? person.FirstName + " " + person.LastName : user.DisplayName; } JObject tokenResponse = new JObject( new JProperty("userName", userName), new JProperty("displayName", user.DisplayName ?? user.UserName), new JProperty("roles", string.Join(",", _roles)), new JProperty("access_token", accessToken), new JProperty("token_type", "bearer"), new JProperty("expires_in", tokenExpiration.TotalSeconds.ToString()), new JProperty(".issued", ticket.Properties.IssuedUtc.ToString()), new JProperty(".expires", ticket.Properties.ExpiresUtc.ToString()) ); return tokenResponse; }
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context) { var allowedOrigin = context.OwinContext.Get<string>("clientAllowedOrigin"); if (allowedOrigin == null) allowedOrigin = "*"; context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { allowedOrigin }); var userManager = context.OwinContext.GetUserManager<ApplicationUserManager>(); ApplicationUser user = await userManager.FindAsync(context.UserName, context.Password); if (user == null || user.IsActive == false) { context.SetError("invalid_grant", "The user name or password is incorrect."); return; } /* Currently two-factor authentication is enabled for internal users * if EmailConfirmed and PhoneNumberConfirmed both are false then * verification code sent to user is not verified **/ if (!user.EmailConfirmed && !user.PhoneNumberConfirmed) { context.SetError("user_requiresverification", "User is not verified. Use verification code send to email or phone no entered during registration process."); return; } if (await userManager.IsLockedOutAsync(user.Id)) { context.SetError("user_lockedout", "User is locked out"); return;// SignInStatus.LockedOut; } var _roles = await userManager.GetRolesAsync(user.Id); ClaimsIdentity oAuthIdentity = await user.GenerateUserIdentityAsync(userManager, OAuthDefaults.AuthenticationType); //var oAuthIdentity = new ClaimsIdentity("JWT"); oAuthIdentity.AddClaim(new Claim(ClaimTypes.Name, context.UserName)); oAuthIdentity.AddClaim(new Claim("sub", context.UserName)); if (_roles.Contains(IdentityConstants.Roles.Administrator)) { oAuthIdentity.AddClaim(new Claim("role", IdentityConstants.Roles.Administrator)); } var person = new RegistrationController().GetPerson(user.UserName); user.DisplayName = person != null ? person.FirstName + " " + person.LastName : user.DisplayName; AuthenticationProperties properties = CreateProperties(user, string.Join(",", _roles)); //properties.Dictionary.Add("audience", IdentityConstants.AudienceId); properties.Dictionary.Add("audience", (context.ClientId == null) ? string.Empty : context.ClientId); var ticket = new AuthenticationTicket(oAuthIdentity, properties); context.Validated(ticket); //return Task.FromResult<object>(null); //context.Request.Context.Authentication.SignIn(cookiesIdentity); }
public async Task<IHttpActionResult> Register(RegisterBindingModel model) { if (!ModelState.IsValid) { return BadRequest(ModelState); } var regContext = new RegistrationController(); if (regContext.IsDuplicateEmail(model.Email)) { return BadRequest("Email ID already exists"); } var user = new ApplicationUser() { UserName = model.Email, Email = model.Email, PhoneNumber = model.Person.Contact.Phone, DisplayName = model.DisplayName }; IdentityResult result; try { result = await UserManager.CreateAsync(user, model.Password).ConfigureAwait(false); // Note that because of the ConfigureAwait(false), we are not on the original context here. // Instead, we're running on the thread pool. if (!result.Succeeded) { return GetErrorResult(result); } else { //Enable two factor authentication result = await UserManager.SetTwoFactorEnabledAsync(user.Id, true).ConfigureAwait(false); if (!result.Succeeded) { return GetErrorResult(result); } /* Insert a new record into the People table */ var personResult = new RegistrationController().CreatePerson(model.Person); // Sending verification code var provider = "EmailCode"; var token = await UserManager.GenerateTwoFactorTokenAsync(user.Id, provider).ConfigureAwait(false); // See IdentityConfig.cs to plug in Email/SMS services to actually send the code result = await UserManager.NotifyTwoFactorTokenAsync(user.Id, provider, token); if (!result.Succeeded) { return GetErrorResult(result); } return Ok(result); } } catch (Exception ex) { throw ex; } }