diff --git a/src/Our.Umbraco.AuthU/Our.Umbraco.AuthU.csproj b/src/Our.Umbraco.AuthU/Our.Umbraco.AuthU.csproj
index e0d46a6..9383b64 100644
--- a/src/Our.Umbraco.AuthU/Our.Umbraco.AuthU.csproj
+++ b/src/Our.Umbraco.AuthU/Our.Umbraco.AuthU.csproj
@@ -274,6 +274,7 @@
+
diff --git a/src/Our.Umbraco.AuthU/Services/UmbracoUsersRoleOAuthUserService.cs b/src/Our.Umbraco.AuthU/Services/UmbracoUsersRoleOAuthUserService.cs
new file mode 100644
index 0000000..bf7c3ae
--- /dev/null
+++ b/src/Our.Umbraco.AuthU/Services/UmbracoUsersRoleOAuthUserService.cs
@@ -0,0 +1,65 @@
+using System.Collections.Generic;
+using System.Linq;
+using System.Security.Claims;
+using System.Web.Security;
+using Our.Umbraco.AuthU.Interfaces;
+using Umbraco.Core.Models.Membership;
+using Umbraco.Core.Services;
+using Umbraco.Core.Composing;
+
+namespace Our.Umbraco.AuthU.Services
+{
+ public abstract class UmbracoUsersRoleOAuthUserService : IOAuthUserService
+ {
+ public string UserType => "UmbracoUser";
+ private MembershipProvider MemberProvider => Membership.Providers["UsersMembershipProvider"];
+ private readonly IUserService _userService = Current.Services.UserService;
+
+ public bool ValidateUser(string username)
+ {
+ try
+ {
+ var user = _userService.GetByUsername(username);
+ return user != null && user.IsApproved && !user.IsLockedOut;
+ }
+ catch
+ {
+ return false;
+ }
+ }
+
+ public bool ValidateUser(string username, string password)
+ {
+ try
+ {
+ return MemberProvider.ValidateUser(username, password);
+ }
+ catch
+ {
+ return false;
+ }
+ }
+
+ public IEnumerable GetUserClaims(string username)
+ {
+ IUser user = null;
+
+ try
+ {
+ user = _userService.GetByUsername(username);
+ }
+ catch { }
+
+ if (user != null)
+ {
+ yield return new Claim(ClaimTypes.NameIdentifier, user.ProviderUserKey.ToString());
+
+ var roles = user.Groups.Select(g => g.Alias);
+ foreach (var role in roles)
+ {
+ yield return new Claim(ClaimTypes.Role, role);
+ }
+ }
+ }
+ }
+}