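        /// <summary>
        /// Authenticates an employee from the supplied credentials and, on success, issues a
        /// short-lived HS256-signed JWT carrying the login as the name claim and a fixed
        /// "employee" role claim.
        /// </summary>
        /// <param name="request">Login payload (login and password); null when model binding produced no body.</param>
        /// <returns>
        /// 400 when no usable body was bound, 401 when <see cref="CheckCred"/> reports no match,
        /// otherwise 200 with <c>token</c> and <c>refreshToken</c> members.
        /// </returns>
        public IActionResult LoginEmployee(LoginRequestcs request)
        {
            // A missing body or login would otherwise surface as a NullReferenceException from the
            // service (HTTP 500) instead of a client error; Claim also rejects a null value.
            if (request is null || string.IsNullOrEmpty(request.login))
            {
                return BadRequest();
            }

            if (_service.CheckCred(request) <= 0)
            {
                return Unauthorized();
            }

            var claims = new[]
            {
                new Claim(ClaimTypes.Name, request.login),
                new Claim(ClaimTypes.Role, "employee")
            };

            // NOTE(review): HS256 needs a key of at least 128 bits; a short or missing "SecretKey"
            // setting fails at signing time rather than here — confirm the configured value's length.
            var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["SecretKey"]));
            var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);

            // Expiry is computed in UTC so the exp claim does not depend on the server's local time zone.
            var token = new JwtSecurityToken(
                issuer: "s18663",
                audience: "Students",
                claims: claims,
                expires: DateTime.UtcNow.AddMinutes(10),
                signingCredentials: creds);

            // NOTE(review): the refresh token is not stored anywhere visible in this method, so
            // nothing here can later validate it — confirm it is persisted by a caller or drop it.
            return Ok(new
            {
                token = new JwtSecurityTokenHandler().WriteToken(token),
                refreshToken = Guid.NewGuid()
            });
        }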
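        /// <summary>
        /// Verifies a student's credentials against the Student table: loads the stored per-user
        /// salt and password hash for the login, re-derives the PBKDF2-HMAC-SHA512 hash of the
        /// supplied password, and compares the two in constant time.
        /// </summary>
        /// <param name="request">Login payload; <c>login</c> is the IndexNumber, <c>pass</c> the clear-text password.</param>
        /// <returns>1 when the password matches the stored hash, 0 when the login is unknown or the password is wrong.</returns>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="request"/> is null.</exception>
        public int CheckCred(LoginRequestcs request)
        {
            if (request is null)
            {
                throw new ArgumentNullException(nameof(request));
            }

            // One round-trip fetches both values; the original issued a second query on the same
            // SqlCommand and added the "index" parameter a second time, which SQL Server rejects.
            using (var con = new SqlConnection("Data Source=db-mssql;Initial Catalog=s18663;Integrated Security=True"))
            using (var com = new SqlCommand("select Salt, Pass from Student where IndexNumber=@index", con))
            {
                com.Parameters.AddWithValue("index", request.login);
                con.Open();

                string salt;
                string storedHash;
                // Dispose the reader on every path; the original only closed it on the happy path.
                using (var dr = com.ExecuteReader())
                {
                    // Unknown login: indexing dr["Salt"] with no current row throws, so treat it as no match.
                    if (!dr.Read())
                    {
                        return 0;
                    }

                    salt = dr["Salt"].ToString();
                    storedHash = dr["Pass"].ToString();
                }

                var valueBytes = KeyDerivation.Pbkdf2(
                    password: request.pass,
                    salt: Encoding.UTF8.GetBytes(salt),
                    prf: KeyDerivationPrf.HMACSHA512,
                    iterationCount: 10000,
                    numBytesRequested: 256 / 8);

                string hash = Convert.ToBase64String(valueBytes);

                // Compare in managed code rather than with WHERE Pass=@pass: the SQL comparison is
                // subject to the column collation (a case-insensitive collation weakens a Base64
                // hash) and is not constant-time. FixedTimeEquals returns false on a length mismatch.
                bool match = System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(
                    Encoding.UTF8.GetBytes(hash),
                    Encoding.UTF8.GetBytes(storedHash));

                return match ? 1 : 0;
            }
        }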