Example #1
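        /// <summary>
        /// Authenticates the posted credentials against LDAP, resolves the matching application
        /// identity, calls <c>_signInManager.SignInAsync</c> for it and returns an HS256-signed JWT.
        /// </summary>
        /// <param name="model">Posted username, password and remember-me flag.</param>
        /// <returns>
        /// 401 when the credentials are missing; 400 with <c>Successful = false</c> when the LDAP
        /// login fails, the user has no application identity (release builds), or the associated
        /// account is missing/inactive; otherwise 200 with the signed token.
        /// </returns>
        /// <exception cref="InvalidOperationException">
        /// The configured <c>JwtSecurityKey</c> is missing or shorter than 256 bits.
        /// </exception>
        public async Task <ActionResult <LoginResult> > Login(LoginViewModel model)
        {
            // A null model (empty or unparseable body) must not reach model.Username.
            // NOTE(review): missing credentials answer 401 while every later failure answers 400;
            // kept as-is because clients may depend on it.
            if (model is null || string.IsNullOrEmpty(model.Username) || string.IsNullOrEmpty(model.Password))
            {
                return(Unauthorized(new { message = "Username or password can't be null" }));
            }

            // The LDAP login is the only credential check; everything below assumes it succeeded.
            var ldapUser = _appAuthenticationService.Login(model.Username, model.Password);

            if (ldapUser is null)
            {
                return(BadRequest(new LoginResult {
                    Successful = false, Error = "Bad username or password"
                }));
            }

            var appUserIdentity = await _userManager.FindByNameAsync(ldapUser.UserName);

            if (appUserIdentity is null)
            {
#if DEBUG
                // Development convenience only: auto-provision the identity user. Release builds
                // must not do this, or any LDAP account could create itself an application account.
                appUserIdentity = await AddIdentityUser(ldapUser);

                var createResult = await _userManager.CreateAsync(appUserIdentity);

                // CreateAsync reports failure through IdentityResult, not by throwing.
                if (!createResult.Succeeded)
                {
                    return(BadRequest(new LoginResult {
                        Successful = false, Error = $"Could not create identity user {ldapUser.UserName}"
                    }));
                }
#else
                // NOTE(review): the message wording is misleading — the LDAP login already
                // succeeded; the user is simply missing from the application's user store.
                return(BadRequest(new LoginResult {
                    Successful = false, Error = $"Can't find user {ldapUser.UserName} in AD"
                }));
#endif
            }

            // Re-read the user together with its associated account. Keyed on the name stored on
            // the identity just loaded, so this lookup and FindByNameAsync resolve the same row
            // regardless of how the caller typed the username (the raw model.Username could differ
            // in casing/format). Assumes _db.Users is the store behind _userManager — TODO confirm.
            var dbUser = await _db.Users
                .Include(u => u.AssosiatedUser)
                .SingleOrDefaultAsync(u => u.UserName == appUserIdentity.UserName);

            // A missing row or a missing associated account is treated like an inactive one; the
            // null check on the navigation also avoids a NullReferenceException on IsActive.
            if (dbUser is null || dbUser.AssosiatedUser is null || !dbUser.AssosiatedUser.IsActive)
            {
                return(BadRequest(new LoginResult {
                    Successful = false, Error = "User is locked"
                }));
            }

            // Keep the stored e-mail in sync with LDAP. Null-safe: if LDAP carries no address the
            // original ToUpperInvariant() call would have thrown.
            if (appUserIdentity.Email != ldapUser.Email)
            {
                appUserIdentity.Email           = ldapUser.Email;
                appUserIdentity.NormalizedEmail = ldapUser.Email?.ToUpperInvariant();

                await _userManager.UpdateAsync(appUserIdentity);
            }

            // update groups if changed
            //await RegisterRoles(appUserIdentity, ldapUser);
            // NOTE(review): with role sync disabled, the principal issued by SignInAsync carries
            // whatever roles the identity store holds while the JWT below carries LDAP's roles,
            // so the two can diverge.

            await _signInManager.SignInAsync(appUserIdentity, model.RememberMe);

            var claims = new List <Claim>
            {
                // Claim(type, value) throws ArgumentNullException on a null value; DisplayName is
                // assumed to be populated for every stored user — TODO confirm.
                new Claim(ClaimTypes.WindowsAccountName, appUserIdentity.DisplayName),
                new Claim(ClaimTypes.Name, appUserIdentity.UserName),
                new Claim(ClaimTypes.UserData, appUserIdentity.AppUserId.ToString())
            };

            // Role claims in the token come from LDAP, not from the identity store.
            foreach (var role in ldapUser.Roles)
            {
                claims.Add(new Claim(ClaimTypes.Role, role));
            }

            // HS256 signing secret from configuration. Fail loudly on a missing or short key:
            // RFC 7518 §3.2 requires an HS256 key of at least 256 bits, the token library rejects
            // keys below its minimum, and a short shared secret can be brute-forced offline from
            // any captured token.
            var keyMaterial = _configuration["JwtSecurityKey"];

            if (string.IsNullOrEmpty(keyMaterial))
            {
                throw new InvalidOperationException("JwtSecurityKey is not configured.");
            }

            var keyBytes = Encoding.UTF8.GetBytes(keyMaterial);

            if (keyBytes.Length < 32)
            {
                throw new InvalidOperationException("JwtSecurityKey must be at least 32 bytes (256 bits) for HS256.");
            }

            var key   = new SymmetricSecurityKey(keyBytes);
            var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);

            // UTC, not local time: 'exp' is an epoch timestamp and validators compare it to UTC.
            // NOTE(review): a lifetime measured in days is long for a bearer token that carries
            // roles; revocation is only possible by rotating the key.
            var expiry = DateTime.UtcNow.AddDays(Convert.ToInt32(_configuration["JwtExpireInDays"]));

            var token = new JwtSecurityToken(
                _configuration["JwtIssuer"],
                _configuration["JwtAudience"],
                claims,
                expires: expiry,
                signingCredentials: creds
                );

            return(Ok(new LoginResult {
                Successful = true, Token = new JwtSecurityTokenHandler().WriteToken(token)
            }));
        }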