public override Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context) { context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" }); var user = _userRepository.GetByUsername(context.UserName); if (user == null) { context.SetError("invalid_grant", "The user and password combination doesn't exist"); return ThreadingExtensions.NoResult; } if (user.Locked) { context.SetError("invalid_grant", "The user account is locked."); return ThreadingExtensions.NoResult; } if (!_hashingService.ValidateStringHash(context.Password, user.Password)) { HandleFailedLogin(context, user); return ThreadingExtensions.NoResult; } // Build Claims Identity var identity = new ClaimsIdentity(ApiOwinAuthConfig.OAuthAuthorizationOptions.AuthenticationType); identity.BuildClaims(user); var issuedGuid = Guid.NewGuid(); // Create the Properties var properties = CreateProperties(user); properties.SetIssuedGuid(issuedGuid); // Create the ticket and process it. var ticket = new AuthenticationTicket(identity, properties); context.Validated(ticket); SaveLoginInformation(user, issuedGuid); return ThreadingExtensions.NoResult; }