Token based login logic change in ASP.NET Identity 2.0

Question

I am building a SPA app using WebAPI 2 backend. I am using the new ASP.NET Identity 2.0 for authorization and authentication. To login I call the /Token URL which returns the token which I use for subsequent API calls. Now all this works fine.

Now I need to make some changes to the login/authentication process where I want to check if email is confirmed and also the user is active (both DB fields) before returning the token. But I am unable to find which method is being called for authorization. I thought it was the GetExternalLogin method in AccountController but it does not seem to be so.

Can someone tell me where I need to change the login logic?

score 3 · Accepted Answer · edited May 23 '17 at 12:26

3

You will need to implement your own UserStore to implement your own authentication logic.
Refer This SO question

If you don't want to do that may be, in ApplicationOAuthProvider.cs find this function GrantResourceOwnerCredentials. After this line

IdentityUser user = await userManager.FindAsync(context.UserName, 
                                                context.Password);

you may be able to squeeze in some custom logic like

if (IsEmailConfirmed(user) == false)
{
   context.SetError("invalid_grant", "The user name or password is incorrect.");
   return;
}

edited May 23 '17 at 12:26

Community

1
1

answered Apr 16 '14 at 19:32

sunil

5,078
6
28
33

1

I used the second option and it worked like a charm! – Achinth Gurkhi Apr 16 '14 at 19:50

Token based login logic change in ASP.NET Identity 2.0

1 Answers1