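/// <summary>
/// Authenticates an employee by delegating the credential check to <c>_service.CheckCred</c>
/// and, on success, issues a short-lived HS256-signed JWT.
/// </summary>
/// <param name="request">Login form carrying <c>login</c> and <c>pass</c>.</param>
/// <returns>
/// 400 when the body or its <c>login</c> is missing, 401 when the credentials are rejected,
/// otherwise 200 with <c>{ token, refreshToken }</c>.
/// </returns>
/// <exception cref="InvalidOperationException">When the <c>SecretKey</c> setting is absent or empty.</exception>
public IActionResult LoginEmployee(LoginRequestcs request)
{
    // A missing body or login is a malformed request, not a failed login; without this guard the
    // null surfaces much later (Claim constructor / SqlCommand parameter) as an unexplained 500.
    if (request == null || string.IsNullOrWhiteSpace(request.login))
    {
        return BadRequest();
    }

    if (_service.CheckCred(request) <= 0)
    {
        return Unauthorized();
    }

    // Report a missing signing secret as a configuration error instead of letting
    // Encoding.GetBytes(null) throw an ArgumentNullException that points nowhere useful.
    var secret = Configuration["SecretKey"];
    if (string.IsNullOrEmpty(secret))
    {
        throw new InvalidOperationException("Configuration value 'SecretKey' is missing or empty.");
    }

    var claims = new[]
    {
        new Claim(ClaimTypes.Name, request.login),
        new Claim(ClaimTypes.Role, "employee"),
    };

    // HS256 needs a key of at least 128 bits; the token library refuses shorter keys when signing.
    var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secret));
    var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);

    var token = new JwtSecurityToken(
        issuer: "s18663",
        audience: "Students",
        claims: claims,
        // 'exp' is an epoch timestamp; derive it from UTC rather than the server's local clock.
        expires: DateTime.UtcNow.AddMinutes(10),
        signingCredentials: creds);

    // NOTE(review): the refresh token is a fresh Guid that is never persisted, so nothing can
    // validate it on a later refresh call, and Guid.NewGuid() is not specified as cryptographically
    // random. A RandomNumberGenerator-derived value stored against the user is the expected design — confirm.
    return Ok(new
    {
        token = new JwtSecurityTokenHandler().WriteToken(token),
        refreshToken = Guid.NewGuid(),
    });
}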
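/// <summary>
/// Verifies a student's credentials against the <c>Student</c> table: loads the per-user salt,
/// re-derives the PBKDF2-HMACSHA512 hash of the supplied password and lets SQL Server compare it
/// with the stored <c>Pass</c> column.
/// </summary>
/// <param name="request">Login form; <c>login</c> is the <c>IndexNumber</c>, <c>pass</c> the clear-text password.</param>
/// <returns>The number of matching rows (normally 1), or 0 when the login is unknown, the password is wrong, or a credential is missing.</returns>
/// <exception cref="ArgumentNullException">When <paramref name="request"/> is null.</exception>
public int CheckCred(LoginRequestcs request)
{
    if (request == null)
    {
        throw new ArgumentNullException(nameof(request));
    }

    // A missing credential can never match; it must not reach the query as a null parameter.
    if (string.IsNullOrEmpty(request.login) || request.pass == null)
    {
        return 0;
    }

    // TODO(review): the connection string (server and catalog) is hard-coded; it belongs in configuration.
    using (var con = new SqlConnection("Data Source=db-mssql;Initial Catalog=s18663;Integrated Security=True"))
    {
        con.Open();

        bool userExists = false;
        // Placeholder salt so the key derivation below runs for unknown logins as well.
        string salt = "no-such-user";

        using (var saltCmd = new SqlCommand("select Salt from Student where IndexNumber=@index", con))
        {
            saltCmd.Parameters.AddWithValue("@index", request.login);
            using (var dr = saltCmd.ExecuteReader())
            {
                // An unknown IndexNumber returns no row; that is a failed login, not an exception
                // (indexing dr["Salt"] without a successful Read() throws).
                if (dr.Read())
                {
                    userExists = true;
                    salt = Convert.ToString(dr["Salt"]); // DBNull yields an empty string
                }
            }
        }

        // Derive even for unknown logins so the response time does not reveal whether the account exists.
        // PRF, iteration count, output length and base64 encoding must match how Pass was stored.
        var derived = KeyDerivation.Pbkdf2(
            password: request.pass,
            salt: Encoding.UTF8.GetBytes(salt),
            prf: KeyDerivationPrf.HMACSHA512,
            iterationCount: 10000,
            numBytesRequested: 256 / 8);
        string hash = Convert.ToBase64String(derived);

        if (!userExists)
        {
            return 0;
        }

        // A separate command: appending a second @index to the first command's parameter
        // collection leaves a duplicate parameter name, which fails at execution time.
        // NOTE(review): the hash equality is evaluated by SQL Server under the column's collation;
        // fetching Pass and comparing in-process with CryptographicOperations.FixedTimeEquals
        // would be the stricter design.
        using (var checkCmd = new SqlCommand("Select count(1) from Student where IndexNumber=@index and Pass=@pass", con))
        {
            checkCmd.Parameters.AddWithValue("@index", request.login);
            checkCmd.Parameters.AddWithValue("@pass", hash);
            return Convert.ToInt32(checkCmd.ExecuteScalar());
        }
    }
}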