I would like to authenticate user not just based on username and password, but also based on tenant. I would like to pass tenant as custom header X-Company-Tenant. Can I read this custom header value in ResourceOwnerPasswordValidator in procedure ValidateAsync?
Is it possible to create a middleware on IdentityServer4 to read header from request and pass that value to ValidateAsync?
In ASP.NET you can inject the IHttpContextAccessor into anything that comes from DI (as a constructor dependency). This will give you access to the current HTTP context - including the request headers.
That said - you could also post the tenant as a body member and you would get easy access from the context object passed into your validator.