I have IdentityServer4 working with AspNetCore.Identity. Logins work fine from the AspNetIdentity Login Page as well as when using the IdentityModel TokenClient.RequestResourceOwnerPasswordAsync.
Then I wanted to extend this to be able to authenticate users against AD. I injected a SignInManager that overrides the PasswordSignInAsync to check the credentials against AD. If the user does not authenticate against AD, then it reverts back to the base implementation (which checks against AspNetUsers).
The login page works fine, I can log in using either an AD account or an AspNetUser account.
My problem is that the TokenClient logins do not work with the AD accounts, only with AspNetUsers. When performing a TokenClient.RequestResourceOwnerPasswordAsync, none of the sign-in methods in the SignInManager get called.
Is there some other place I need to inject some sort of Authentication Service to intercept the logins that are happening via the IdentityServer Token API?
You need to implement and register the IResourceOwnerPasswordValidator interface.
More info can be found at Identity Server docs.
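As an added illustration of that answer (example code, not from the question, the answer, or the IdentityServer4 project itself): the token endpoint never touches the ASP.NET Identity SignInManager, so the AD check has to be repeated inside an IResourceOwnerPasswordValidator. The example assumes an ApplicationUser class and a hypothetical IAdAuthenticator service that wraps the existing AD credential check; both are assumptions, not names from the page. AD users are issued a subject based on their account name, local users fall back to the ASP.NET Identity password check with lockout, and every failure is reported as invalid_grant without revealing which branch rejected the credentials.

```csharp
using System.Security.Claims;
using System.Threading.Tasks;
using IdentityModel;
using IdentityServer4.Models;
using IdentityServer4.Validation;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.DependencyInjection;

// Hypothetical abstraction over the AD credential check the question's
// SignInManager override already performs. Returning a bool keeps the
// validator free of directory-specific details.
public interface IAdAuthenticator
{
    Task<bool> ValidateCredentialsAsync(string userName, string password);
}

// Registered with IdentityServer so that the resource owner password grant
// (TokenClient.RequestResourceOwnerPasswordAsync) consults AD first and
// then falls back to AspNetUsers, mirroring the login page behaviour.
public class AdResourceOwnerPasswordValidator : IResourceOwnerPasswordValidator
{
    private readonly IAdAuthenticator _ad;
    private readonly UserManager<ApplicationUser> _userManager;
    private readonly SignInManager<ApplicationUser> _signInManager;

    public AdResourceOwnerPasswordValidator(
        IAdAuthenticator ad,
        UserManager<ApplicationUser> userManager,
        SignInManager<ApplicationUser> signInManager)
    {
        _ad = ad;
        _userManager = userManager;
        _signInManager = signInManager;
    }

    public async Task ValidateAsync(ResourceOwnerPasswordValidationContext context)
    {
        // One generic failure result for every branch: the caller must not be
        // able to tell an unknown user from a wrong password or a locked account.
        var failure = new GrantValidationResult(
            TokenRequestErrors.InvalidGrant, "invalid username or password");

        // 1. Try Active Directory. The subject is the AD account name; in a
        //    production deployment a stable identifier such as the objectSid
        //    would be preferable (assumption, not prescribed by the page).
        if (await _ad.ValidateCredentialsAsync(context.UserName, context.Password))
        {
            context.Result = new GrantValidationResult(
                subject: "ad:" + context.UserName.ToLowerInvariant(),
                authenticationMethod: OidcConstants.AuthenticationMethods.Password,
                claims: new[] { new Claim(JwtClaimTypes.Name, context.UserName) },
                identityProvider: "active-directory");
            return;
        }

        // 2. Fall back to the local AspNetUsers store. CheckPasswordSignInAsync
        //    applies the lockout policy but does not issue a cookie, which is
        //    what we want at the token endpoint.
        var user = await _userManager.FindByNameAsync(context.UserName);
        if (user == null)
        {
            context.Result = failure;
            return;
        }

        var check = await _signInManager.CheckPasswordSignInAsync(
            user, context.Password, lockoutOnFailure: true);
        if (!check.Succeeded)
        {
            context.Result = failure;
            return;
        }

        context.Result = new GrantValidationResult(
            subject: user.Id,
            authenticationMethod: OidcConstants.AuthenticationMethods.Password);
    }
}

public static class IdentityServerSetup
{
    // Call this from Startup.ConfigureServices. AddResourceOwnerValidator must
    // come after AddAspNetIdentity, because AddAspNetIdentity registers its own
    // IResourceOwnerPasswordValidator and the last registration wins.
    public static void AddIdentityServerWithAd(IServiceCollection services)
    {
        services.AddTransient<IAdAuthenticator, LdapAdAuthenticator>(); // assumed implementation
        services.AddIdentityServer()
            .AddAspNetIdentity<ApplicationUser>()
            .AddResourceOwnerValidator<AdResourceOwnerPasswordValidator>();
    }
}
```

The client used by TokenClient still needs AllowedGrantTypes set to ResourceOwnerPassword, as for the AspNetUsers-only setup already working in the question. Keeping the AD check behind an interface also lets the SignInManager override and this validator share one implementation instead of duplicating the directory bind logic.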