public string MakeToken(LoginRequestDto request)
{
_validator.ValidateAndThrow(request);
var username = request.Username;
var password = request.Password;
var user = _context.Users.Include(u => u.UserUseCases)
.FirstOrDefault(x => x.Username == username);
if (user == null)
{
return(null);
}
var hashedPassword = user.Password;
var decryptedPassword = CommonMethods.ConvertToDecrypt(hashedPassword);
if (decryptedPassword != password)
{
return(null);
}
var actor = new JwtActor
{
Id = user.Id,
AllowedUseCases = user.UserUseCases.Select(x => x.UseCaseId),
Identity = user.Username
};
var issuer = "asp_api";
var secretKey = "ThisIsMyVerySecretKey";
var claims = new List <Claim> // Jti : "",
{
new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString(), ClaimValueTypes.String, issuer),
new Claim(JwtRegisteredClaimNames.Iss, "asp_api", ClaimValueTypes.String, issuer),
new Claim(JwtRegisteredClaimNames.Iat, DateTimeOffset.UtcNow.ToUnixTimeSeconds().ToString(), ClaimValueTypes.Integer64, issuer),
new Claim("UserId", actor.Id.ToString(), ClaimValueTypes.String, issuer),
new Claim("ActorData", JsonConvert.SerializeObject(actor), ClaimValueTypes.String, issuer)
};
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secretKey));
var credentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
var now = DateTime.UtcNow;
var token = new JwtSecurityToken(
issuer: issuer,
audience: "Any",
claims: claims,
notBefore: now,
expires: now.AddHours(6),
signingCredentials: credentials);
return(new JwtSecurityTokenHandler().WriteToken(token));
}