public void Configuration(IAppBuilder appBuilder) { HttpConf

1. public void Configuration(IAppBuilder appBuilder)
2. {
3. HttpConfiguration httpConfiguration = new HttpConfiguration();
4.  
5. ConfigureOAuth(appBuilder);
6.  
7. WebApiConfig.Register(httpConfiguration);
8. appBuilder.UseWebApi(httpConfiguration);
9. }
10.  
11. private void ConfigureOAuth(IAppBuilder appBuilder)
12. {
13. OAuthAuthorizationServerOptions oAuthAuthorizationServerOptions = new OAuthAuthorizationServerOptions()
14. {
15. TokenEndpointPath = new Microsoft.Owin.PathString("/token"), // token path
16. AccessTokenExpireTimeSpan = TimeSpan.FromDays(1),
17. AllowInsecureHttp = true,
18. Provider = new UserAuthorizationServerProvider()
19. };
20. // To create an access token on AppBuilder
21. appBuilder.UseOAuthAuthorizationServer(oAuthAuthorizationServerOptions);
22.  
23. // We are setting Authentication type as a Bearer Authentication.
24. appBuilder.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
25. }
26.  
27. public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
28. {
29. // CORS settings
30. context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });
31.  
32. // Validation for user access
33. if (context.UserName == "tester" && context.Password == "password")
34. {
35. var identity = new ClaimsIdentity(context.Options.AuthenticationType);
36.  
37. identity.AddClaim(new Claim("sub", context.UserName));
38. identity.AddClaim(new Claim("role", "user"));
39.  
40. context.Validated(identity);
41. }
42. else
43. {
44. context.SetError("invalid_grant", "Username or password is incorrect");
45. }
46. }