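/// <summary>
/// Checks the posted credentials and, when they are accepted, signs the caller in
/// with the cookie authentication scheme.
/// </summary>
/// <param name="person">Credentials bound from the request body.</param>
/// <returns>
/// 400 when the body, the username or the password is missing; 401 when
/// <c>repo.Auth</c> returns null; otherwise 200 once the cookie has been issued.
/// </returns>
public async Task<IActionResult> Login([FromBody] Person person)
        {
            // A missing body can bind to null, so test the model before its members.
            if (person == null || person.Username == null || person.Password == null)
            {
                return BadRequest();
            }

            // Enforce a minimum response time of 1.5 seconds so that fast-fail and
            // full-verification paths are harder to tell apart by latency. This is only a
            // floor: it hides differences between paths that finish within 1.5 seconds.
            // NOTE(review): no attempt throttling or lockout is visible in this method;
            // confirm it is enforced elsewhere (middleware or repo.Auth).
            var delay = Task.Delay(1500);
            var login = Task.Run(() => repo.Auth(person));

            // Wait for BOTH tasks. Awaiting only the delay would read the result while
            // the credential check may still be running, which rejects valid logins
            // whenever the check takes longer than the delay. WhenAll also keeps the
            // floor in place when repo.Auth throws, and surfaces that exception instead
            // of silently turning it into a 401.
            await Task.WhenAll(login, delay);
            Person attempt = await login;

            // A null result means the credentials were rejected.
            if (attempt == null)
            {
                return new UnauthorizedResult();
            }

            // Credentials accepted: build the identity carried by the auth cookie.
            var identity = new ClaimsIdentity(new[]
            {
                new Claim(ClaimTypes.Name, attempt.Username),
                new Claim("Id", attempt.Id.ToString()),
            }, CookieAuthenticationDefaults.AuthenticationScheme);

            var principal = new ClaimsPrincipal(identity);

            await HttpContext.SignInAsync(
                CookieAuthenticationDefaults.AuthenticationScheme,
                principal,
                new AuthenticationProperties
                {
                    // Absolute expiry for the sign-in: 14 days from now.
                    ExpiresUtc = DateTime.UtcNow.AddDays(14)
                });

            return new OkResult();
        }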
Beispiel #2
        /// <summary>
        /// Passes the posted credentials to <c>repo.Auth</c> and, when a user comes back,
        /// signs the caller in with the cookie authentication scheme.
        /// </summary>
        /// <param name="Person">Credentials bound from the request body.</param>
        /// <returns>401 when <c>repo.Auth</c> returns null, otherwise 200.</returns>
        public async Task<IActionResult> Login([FromBody] Person Person)
        {
            // NOTE(review): the bound model is handed to repo.Auth without a null or
            // missing-field check, and no throttling is visible here; confirm both are
            // handled in repo.Auth or by the hosting pipeline.
            Person authenticated = repo.Auth(Person);
            if (authenticated == null)
            {
                return new UnauthorizedResult();
            }

            // Claims stored in the auth cookie: display name plus the user's id.
            var claims = new[]
            {
                new Claim(ClaimTypes.Name, authenticated.Username),
                new Claim("Id", authenticated.Id),
            };
            var user = new ClaimsPrincipal(
                new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme));

            // No AuthenticationProperties are passed, so the scheme's configured
            // defaults decide the cookie lifetime.
            await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, user);

            return new OkResult();
        }