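/// <summary>
/// Authenticates a student by index number and password, then issues a short-lived
/// HMAC-SHA256 JWT together with a refresh token that is persisted for the user.
/// </summary>
/// <param name="request">
/// Credentials from the request body: <c>Login</c> is the index number, <c>Pass</c> the password.
/// </param>
/// <returns>
/// 200 with <c>token</c> and <c>refreshtoken</c> on success; 400 when the body is missing;
/// 401 when the login or the password is wrong (same response for both, so the endpoint
/// does not reveal which index numbers exist).
/// </returns>
/// <exception cref="InvalidOperationException">Thrown when <c>SecretKey</c> is not configured.</exception>
public IActionResult Login(LoginRequestDTO request)
{
    // Model binding can hand us a null body; answer 400 instead of failing with a NullReferenceException.
    if (request is null)
    {
        return BadRequest("Missing credentials");
    }

    string login;
    string name;
    using (var con = new SqlConnection(connection))
    using (var com = new SqlCommand())
    {
        com.Connection = con;
        com.CommandText = "SELECT * FROM student WHERE indexnumber = @indexnumber";
        com.Parameters.AddWithValue("indexnumber", request.Login);
        con.Open();

        // The reader keeps the connection busy until it is disposed, so scope it with a using.
        using (var dr = com.ExecuteReader())
        {
            // "Unknown user" and "wrong password" deliberately produce the identical status and
            // message: a differing status would let a caller enumerate valid index numbers.
            if (!dr.Read())
            {
                return Unauthorized("Incorrect login or password");
            }
            if (!Validate(request.Pass, dr["salt"].ToString(), dr["password"].ToString()))
            {
                return Unauthorized("Incorrect login or password");
            }
            login = dr["IndexNumber"].ToString();
            name = dr["FirstName"].ToString();
        }
    }

    // NOTE(review): every successfully authenticated student receives the "employee" role — confirm this is intended.
    var claims = new[]
    {
        new Claim(ClaimTypes.NameIdentifier, login),
        new Claim(ClaimTypes.Name, name),
        new Claim(ClaimTypes.Role, "employee"),
    };

    var secret = Configuration["SecretKey"];
    if (string.IsNullOrEmpty(secret))
    {
        // Without this guard a missing key surfaces as an ArgumentNullException from Encoding.GetBytes.
        throw new InvalidOperationException("SecretKey is not configured");
    }
    var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secret));
    var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
    var token = new JwtSecurityToken(
        issuer: "Admin",
        audience: "Employees",
        claims: claims,
        expires: DateTime.UtcNow.AddMinutes(10), // the JWT "exp" claim is UTC; avoid local-time ambiguity
        signingCredentials: creds);

    // Guid.NewGuid() makes no cryptographic-randomness guarantee, so draw the 16 bytes from the
    // platform CSPRNG and keep the Guid shape that storage and clients already expect.
    var refreshBytes = new byte[16];
    System.Security.Cryptography.RandomNumberGenerator.Fill(refreshBytes);
    var refreshtoken = new Guid(refreshBytes);
    // NOTE(review): the refresh token is persisted verbatim; storing only a hash of it would limit the
    // impact of a database read — confirm against setRefreshToken's consumer before changing.
    setRefreshToken(refreshtoken.ToString(), login);

    return Ok(new
    {
        token = new JwtSecurityTokenHandler().WriteToken(token),
        refreshtoken,
    });
}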
// Second variant of Login (LoginRequestDto, Polish error messages, setRefreshTokenInDB).
// This copy was collapsed onto a single line and a span of it was redacted ("******"), so the
// `//` that originally commented out only the debug statements now swallows the rest of the
// line; the variant is not compilable as shown and is kept for reference only.
// NOTE(review): the commented-out debug code wrote a salt and a password to the console with
// Console.WriteLine — credential material must never reach logs or stdout.
// NOTE(review): `command.ExecuteReader()` is not disposed here (no using); the reader holds the
// connection until it is closed.
public IActionResult Login(LoginRequestDto request) { // var salt = EnrollmentsController.CreateSalt(); var password = EnrollmentsController.Create("brokuly", salt); Console.WriteLine("Salt: " + salt); Console.WriteLine("Password: "******"SELECT * FROM student WHERE indexnumber = @indexnumber"; command.Parameters.AddWithValue("indexnumber", request.Login); var dr = command.ExecuteReader(); if (!dr.Read()) { return(Unauthorized("Zly login lub haslo")); } if (!Validate(request.Haslo, dr["salt"].ToString(), dr["password"].ToString())) { return(Unauthorized("Zly login lub haslo")); } login = dr["IndexNumber"].ToString(); imie = dr["FirstName"].ToString(); } var claims = new[] { new Claim(ClaimTypes.NameIdentifier, login), new Claim(ClaimTypes.Name, imie), new Claim(ClaimTypes.Role, "employee") }; var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["SecretKey"])); var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256); var token = new JwtSecurityToken ( issuer: "Admin", audience: "Employees", claims: claims, expires: DateTime.Now.AddMinutes(10), signingCredentials: creds ); var refreshtoken = Guid.NewGuid(); setRefreshTokenInDB(refreshtoken.ToString(), login); return(Ok(new { token = new JwtSecurityTokenHandler().WriteToken(token), refreshtoken })); }