4

I am using Identity Server 4 and implemented the following two interfaces:

IResourceOwnerPasswordValidator: for the purpose of validating user credentials against my custom DB

public class ResourceOwnerPasswordValidator : IResourceOwnerPasswordValidator
{
    private IUserRepository _userRepository;

    public ResourceOwnerPasswordValidator(IUserRepository userRepository)
    {
        this._userRepository = userRepository;
    }

    public Task ValidateAsync(ResourceOwnerPasswordValidationContext context)
    {
        var isAuthenticated = _userRepository.ValidatePassword(context.UserName, context.Password);

       //code is omitted for simplicity                
    }
}

IProfileService: for getting necessary claims

 public class ProfileService : IdentityServer4.Services.IProfileService
{
    public IUserRepository _userRepository;
    public ProfileService(IUserRepository userRepository)
    {
        _userRepository = userRepository;
    }
    public Task GetProfileDataAsync(ProfileDataRequestContext context)
    {
        //code is ommitted
    }

Then added then necessary Interfaces and dependencies to the services in Startup class. I have also modified the Account Controller by injecting the login service which has the following implementation:

   public class LoginService
{
    private readonly IUserRepository _userRepository;
    public LoginService( IUserRepository userRepository)
    {
        _userRepository = userRepository;
    }
    public bool ValidateCredentials(string username, string password)
    {
        return _userRepository.ValidatePassword(username, password);
    }

The AccountController "Login" Action validate for the credentials by calling:

 if (_loginService.ValidateCredentials(model.Username, model.Password))
        {
           var user = _loginService.FindByUsername(model.Username);
           await HttpContext.Authentication.SignInAsync(user.Subject, user.Username);
             //other code is omitted

When debugging the project the Login Action of AccountContoller is called, then my login service. After validating the user credentials, the consent page is displayed, which trigger the ProfileService GetProfileDataAsync Method.

However, the ResourceOwnerPasswordValidator was never called. Am I Implementing the LoginService in the correct manner or should I replace the IUserRepository injected by IResourceOwnerPasswordValidation then call the "ValidateAsync" method in Login Service ValidateCredentails?

And if that was the case, what is the advantage of passing that to LoginService, since I am already validating users in this way?

Pang
  • 9,564
  • 146
  • 81
  • 122
Hussein Salman
  • 7,806
  • 15
  • 60
  • 98
  • is there any way to add model.Password into the access_token generated after login success? – FDB May 29 '20 at 13:56

2 Answers2

12

I ran into the same problem. The solution was to do just as you have done, but then needed to modify Startup.cs to see it. 

// Adds IdentityServer
services.AddIdentityServer()
    .AddResourceOwnerValidator<**PasswordAuthentication**>()

NOTE: Make sure you don't add it to the AddIdentity which also has the same .AddResourceOwnerValidator function. It took me awhile. Hope this helps someone.

Jason White
  • 5,495
  • 1
  • 21
  • 30
Wauna
  • 2,226
  • 2
  • 10
  • 11
6

According to docs:

If you want to use the OAuth 2.0 resource owner password credential grant (aka password), you need to implement and register the IResourceOwnerPasswordValidator interface:

Since you don't use password grant, expected behaviour is to not call ResourceOwnerPasswordValidator. For your case you don't need ResourceOwnerPasswordValidator implementation.

adem caglin
  • 22,700
  • 10
  • 58
  • 78
  • What would be the correct way to achieve what the OP asked? How would you validate credentials from a custom user DB without using ASP.NET Identity? I need to do something similar with a MS AD behind the scenes. – CesarD May 08 '20 at 15:41