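/// <summary>
/// Authenticates a user against the repository and, on success, issues an HMAC-SHA512 signed JWT.
/// </summary>
/// <param name="userFromLoginDto">Login credentials (username and password) posted by the client.</param>
/// <returns>
/// 200 with <c>{ token }</c> when the credentials match; 401 when they do not;
/// 400 when no request body was bound.
/// </returns>
/// <exception cref="InvalidOperationException">
/// Thrown when the <c>AppSettings:Token</c> signing secret is missing from configuration.
/// </exception>
public async Task<IActionResult> login(UserFromLoginDto userFromLoginDto)
{
    if (userFromLoginDto is null)
    {
        return BadRequest();
    }

    // _repo.Login is expected to verify the password and return null when there is no match.
    var userFromRepo = await _repo.Login(userFromLoginDto.Username, userFromLoginDto.Password);
    if (userFromRepo is null)
    {
        // One response for both "unknown user" and "wrong password" so the endpoint
        // does not reveal which usernames exist.
        return Unauthorized();
    }

    // Claims describe the already-verified user; they become the JWT payload.
    var claims = new[]
    {
        new Claim(ClaimTypes.NameIdentifier, userFromRepo.Id.ToString()),
        new Claim(ClaimTypes.Name, userFromRepo.UserName)
    };

    // The HMAC secret lives in configuration (AppSettings:Token). Fail loudly if it is
    // missing instead of letting Encoding.GetBytes throw an opaque ArgumentNullException.
    var tokenSecret = _config.GetSection("AppSettings:Token").Value;
    if (string.IsNullOrWhiteSpace(tokenSecret))
    {
        throw new InvalidOperationException("AppSettings:Token is not configured; cannot sign JWTs.");
    }

    // The server signs (and later validates) the token with this symmetric key.
    var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(tokenSecret));
    var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha512Signature);

    var tokenDescriptor = new SecurityTokenDescriptor
    {
        Subject = new ClaimsIdentity(claims),
        // The exp claim is a UTC epoch value; computing it from UtcNow avoids the
        // local-time/DST ambiguity that DateTime.Now introduces.
        Expires = DateTime.UtcNow.AddDays(1),
        SigningCredentials = creds
    };

    var tokenHandler = new JwtSecurityTokenHandler();
    var token = tokenHandler.CreateToken(tokenDescriptor);

    // WriteToken serializes the token to its compact (header.payload.signature) form.
    return Ok(new { token = tokenHandler.WriteToken(token) });
}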
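/// <summary>
/// Authenticates a user with ASP.NET Core Identity and, on success, returns a JWT together
/// with the mapped user record.
/// </summary>
/// <param name="userFromLoginDto">Login credentials (username and password) posted by the client.</param>
/// <returns>
/// 200 with <c>{ token, user }</c> when the password check succeeds; 401 when the user is
/// unknown or the password check fails; 400 when no request body was bound.
/// </returns>
public async Task<IActionResult> Login(UserFromLoginDto userFromLoginDto)
{
    if (userFromLoginDto is null)
    {
        return BadRequest();
    }

    // Preserved from the original: a fixed 3s delay, which looks like a development artefact
    // (e.g. for exercising client loading states) — confirm and remove. Awaited instead of
    // Thread.Sleep so the request does not pin a thread-pool thread for the duration.
    await Task.Delay(3000);

    var user = await _userManagar.FindByNameAsync(userFromLoginDto.Username);
    if (user is null)
    {
        // Unknown user: respond exactly like a wrong password so the endpoint does not
        // reveal which usernames exist. (Passing null into CheckPasswordSignInAsync, as the
        // original did, throws and surfaces as a 500 instead.)
        return Unauthorized();
    }

    // lockoutOnFailure: false means Identity's failed-attempt counter is not incremented by
    // this endpoint, so account lockout never engages here — review whether that is intended.
    var result = await _signInManager.CheckPasswordSignInAsync(
        user, userFromLoginDto.Password, lockoutOnFailure: false);
    if (!result.Succeeded)
    {
        return Unauthorized();
    }

    // Re-query to eager-load Photos. Match on the stored normalized name rather than
    // re-normalizing the raw input with culture-sensitive ToUpper().
    var appUser = await _userManagar.Users
        .Include(p => p.Photos)
        .FirstOrDefaultAsync(u => u.NormalizedUserName == user.NormalizedUserName);

    var userToReturn = _mapper.Map<UserForListDto>(appUser);

    return Ok(new
    {
        token = GenerateJwtToken(appUser),
        user = userToReturn
    });
}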