Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- using EventTracker.Models;
- using Microsoft.Owin.Security.OAuth;
- using System.Security.Claims;
- using System.Threading.Tasks;
- using System.Linq;
- namespace EventTracker.Helpers {
- public class SimpleAuthorizationServerProvider : OAuthAuthorizationServerProvider {
- public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context) {
- // OAuth2 supports the notion of client authentication
- // this is not used here
- context.Validated();
- }
- public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context) {
- // validate user credentials (demo!)
- // user credentials should be stored securely (salted, iterated, hashed yada)
- var db = new AppContext();
- var hashedPassword = context.Password.ToHash();
- var user = db.Users.FirstOrDefault(u => (u.Email == context.UserName || u.Name == context.UserName) && u.Password == hashedPassword);
- if (user == null) {
- context.Rejected();
- return;
- }
- // create identity
- var id = new ClaimsIdentity(context.Options.AuthenticationType);
- id.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
- user.UserRoles.ToList().ForEach(ur=>{
- id.AddClaim(new Claim(ClaimTypes.Role, ur.RoleId));
- });
- context.Validated(id);
- }
- }
- }
Add Comment
Please, Sign In to add comment
