public UserDTO Authenticate(string username, string password)
{
var user = _userFinder.getByUsername(username);
if (user == null)
{
return(null);
}
if (!HashHandle.CheckMatch(user.Password, password))
{
return(null);
}
// authentication successful so generate jwt token
var tokenHandler = new JwtSecurityTokenHandler();
var key = Encoding.ASCII.GetBytes(_authSettings.SecretKey);
var tokenDescriptor = new SecurityTokenDescriptor
{
Subject = new ClaimsIdentity(new Claim[]
{
new Claim(ClaimTypes.Name, user.Id.ToString())
}),
Expires = DateTime.UtcNow.AddDays(7),
SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature)
};
var token = tokenHandler.CreateToken(tokenDescriptor);
var userDTO = _baseService.ConvertToDTO <User, UserDTO>(user);
userDTO.Token = tokenHandler.WriteToken(token);
userDTO.Password = null;
return(userDTO);
}