        // POST api/<controller>
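        /// <summary>
        /// Authenticates the posted credentials and, on success, returns a signed token
        /// wrapped by <c>ApiOutputFactory</c>.
        /// </summary>
        /// <param name="login">
        /// Credentials bound from the request body. Web API binds a missing or unparseable
        /// body to <c>null</c>, so this may be null.
        /// </param>
        /// <returns>
        /// 200 with the generated token, or 400 when no credentials were supplied.
        /// </returns>
        /// <exception cref="HttpResponseException">
        /// Thrown with 401 when <c>AppUserManager.FindAsync</c> does not return a user.
        /// </exception>
        public async Task<IHttpActionResult> PostAsync([FromBody] Login login)
        {
            // A null body would otherwise surface as a NullReferenceException (500) at login.Username.
            if (login == null)
            {
                return BadRequest("Credentials are required.");
            }

            var user = await this.AppUserManager.FindAsync(login.Username, login.Password);

            if (user == null)
            {
                // Every failed lookup yields the same 401, so the response does not
                // reveal whether the user name or the password was the part that failed.
                throw new HttpResponseException(HttpStatusCode.Unauthorized);
            }

            // Todo: Deal with Session creation if you want to go this route

            var generator = new TokenModel();

            var claims = new Dictionary<string, object>
            {
                //Todo: Insert any claims you want here
                { "Name", user.FirstName + " " + user.LastName }
            };

            string token = generator.Generate(GetSigningSecret(), claims);
            return Ok(ApiOutputFactory.Generate(token));
        }

        /// <summary>
        /// Loads the token-signing secret from the process environment instead of
        /// embedding it in source, where it would be committed and shipped with the binary.
        /// </summary>
        /// <returns>The raw signing key bytes, decoded from base64.</returns>
        /// <exception cref="System.InvalidOperationException">
        /// Thrown when the secret is missing, not valid base64, or shorter than 32 bytes.
        /// Failing closed here is deliberate: refusing to issue tokens is safer than
        /// signing them with an absent or default key.
        /// </exception>
        private static byte[] GetSigningSecret()
        {
            // The variable name is a placeholder chosen here; rename it to match the
            // deployment's configuration. The value should be generated once with a
            // CSPRNG (e.g. RandomNumberGenerator) and rotated through configuration,
            // never typed into source.
            string encoded = System.Environment.GetEnvironmentVariable("TOKEN_SIGNING_SECRET_BASE64");
            if (string.IsNullOrWhiteSpace(encoded))
            {
                throw new System.InvalidOperationException("Token signing secret is not configured.");
            }

            byte[] secret;
            try
            {
                secret = System.Convert.FromBase64String(encoded);
            }
            catch (System.FormatException ex)
            {
                throw new System.InvalidOperationException("Token signing secret is not valid base64.", ex);
            }

            // The key this replaced was 32 bytes; do not accept anything weaker.
            if (secret.Length < 32)
            {
                throw new System.InvalidOperationException("Token signing secret must be at least 32 bytes.");
            }

            return secret;
        }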