[HttpPost("login")] //metodo login public async Task <IActionResult> Login(UserForLoginDto userForLoginDto) { var userFromRepo = await _repo.Login(userForLoginDto.Username.ToLower(), userForLoginDto.Password); //verifica che l'utente esista if (userFromRepo == null) // se il nome o password non esistono nel db restituisce null { return(Unauthorized()); // restituisco questo invece di 'nome giusto ma password errata' o viceversa } var claims = new[] //se il login è avvenuto con succeso passo alla definizione del token mettenedo 2 parametri: Id e nome { new Claim(ClaimTypes.NameIdentifier, userFromRepo.Id.ToString()), //Id scritto sul token new Claim(ClaimTypes.Name, userFromRepo.Username) //nome scirtto sul token }; var key = new SymmetricSecurityKey(Encoding.UTF8 .GetBytes(_config.GetSection("AppSettings:Token").Value)); var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha512Signature); var tokenDescriptor = new SecurityTokenDescriptor //token che viene creato { Subject = new ClaimsIdentity(claims), // il token viene creato inserendo l'iD e il nome Expires = DateTime.Now.AddDays(1), //tempo di scadenza del token SigningCredentials = creds }; var tokenHandler = new JwtSecurityTokenHandler(); var token = tokenHandler.CreateToken(tokenDescriptor); var user = _mapper.Map <UserForListDto>(userFromRepo); return(Ok(new { // token rimandato ai nostri client token = tokenHandler.WriteToken(token), user })); }
public async Task <IActionResult> Login([FromBody] UserForLoginDto userForLoginDto) { // Get the corresponding user from the repository var userFromRepo = await _repo.Login(userForLoginDto.Username.ToLower(), userForLoginDto.Password); // If login/password don't match => user is null => Unauthorized if (userFromRepo == null) { return(Unauthorized()); } // generate JWT var tokenHandler = new JwtSecurityTokenHandler(); // Generate the decode key var key = Encoding.ASCII.GetBytes(_config.GetSection("AppSettings:Token").Value); // Describe the token var tokenDescriptor = new SecurityTokenDescriptor { Subject = new ClaimsIdentity(new Claim[] { new Claim(ClaimTypes.NameIdentifier, userFromRepo.Id.ToString()), new Claim(ClaimTypes.Name, userFromRepo.Username) }), Expires = DateTime.Now.AddDays(1), SigningCredentials = new SigningCredentials( new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha512Signature ) }; // Create token from description var token = tokenHandler.CreateToken(tokenDescriptor); var tokenString = tokenHandler.WriteToken(token); var user = _mapper.Map <UserForListDto>(userFromRepo); return(Ok(new { tokenString, user })); }
public async Task <IActionResult> Login(UserForLoginDto userForLoginDto) { userForLoginDto.Username = userForLoginDto.Username.ToLower(); var userFromRepo = await _repo.Login(userForLoginDto.Username, userForLoginDto.Password); if (userFromRepo == null) { return(Unauthorized()); } var claims = new[] { new Claim(ClaimTypes.NameIdentifier, userFromRepo.Id.ToString()), new Claim(ClaimTypes.Name, userFromRepo.Username) }; var key = new SymmetricSecurityKey(Encoding.UTF8 .GetBytes(_config.GetSection("AppSettings:Token").Value)); var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha512Signature); var tokenDescriptor = new SecurityTokenDescriptor { Subject = new ClaimsIdentity(claims), Expires = DateTime.Now.AddDays(1), SigningCredentials = creds }; var tokenHandler = new JwtSecurityTokenHandler(); var token = tokenHandler.CreateToken(tokenDescriptor); var user = _mapper.Map <UserForListDto>(userFromRepo); return(Ok(new { token = tokenHandler.WriteToken(token), user })); }
public async Task <IActionResult> Login(UserForLoginDto userForLoginDto) { var UserFromRepo = await _repo.Login(userForLoginDto.UserName.ToLower(), userForLoginDto.Password); if (UserFromRepo == null) { return(Unauthorized()); } // create Token var claims = new[] { new Claim(ClaimTypes.NameIdentifier, UserFromRepo.Id.ToString()), new Claim(ClaimTypes.Name, UserFromRepo.UserName) }; // key to sign our token and seve it in the app setting cuz we going to use in a lot of places var Key = new SymmetricSecurityKey(Encoding.UTF8 .GetBytes(_config.GetSection("AppSettings:Token").Value)); // createing Creadentials var creds = new SigningCredentials(Key, SecurityAlgorithms.HmacSha512Signature); // create security token descriptor which is gonig to contain our claims our expiry data for the token and singing credentils. var tokenDescriptor = new SecurityTokenDescriptor { Subject = new ClaimsIdentity(claims), Expires = DateTime.Now.AddDays(1), SigningCredentials = creds }; var tokenHandler = new JwtSecurityTokenHandler(); // saving our token var token = tokenHandler.CreateToken(tokenDescriptor); return(Ok(new{ token = tokenHandler.WriteToken(token) })); }
public async Task <IActionResult> Login(UserForLoginDto userForLoginDto) { // le eccezioni vengono gestite da un handler globale definito in Startup.cs //throw new Exception("AuthController -> Login says NO!"); var user = await _userManager.FindByNameAsync(userForLoginDto.Username); var result = await _signInManager.CheckPasswordSignInAsync(user, userForLoginDto.Password, false); if (result.Succeeded) { var appUser = await _userManager.Users.Include(p => p.Photos).FirstOrDefaultAsync(u => u.NormalizedUserName == userForLoginDto.Username.ToUpper()); var userToReturn = _mapper.Map <UserForListDto>(appUser); // token restituito nella response // il token può essere verificato sul sito https://jwt.io/ return(Ok(new { token = GenerateJwtToken(appUser), user = userToReturn })); } return(Unauthorized()); }
public async Task <IActionResult> Login(UserForLoginDto userForLoginDto) { var user = await _userManager.FindByNameAsync(userForLoginDto.UserName); if (user == null) { return(Unauthorized()); } var result = await _signInManager.CheckPasswordSignInAsync(user, userForLoginDto.Password, false); if (result.Succeeded) { var appUser = _mapper.Map <UserForListDto>(user); return(Ok(new { token = GenerateJwtToken(user).Result , user = appUser })); } return(Unauthorized()); }
public async Task<IActionResult> Login(UserForLoginDto userForLoginDto) { var userFromRepo = await _repo.Login(userForLoginDto.Username.ToLower(), userForLoginDto.Password); if (userFromRepo == null) return Unauthorized(); var creds = new SigningCredentials(GetKey(), SecurityAlgorithms.HmacSha512Signature); var tokenDescriptor = new SecurityTokenDescriptor { Subject = new ClaimsIdentity(GetClaims(userFromRepo)), Expires = DateTime.Now.AddDays(1), SigningCredentials = creds }; var tokenHandler = new JwtSecurityTokenHandler(); var token = tokenHandler.CreateToken(tokenDescriptor); var user = _mapper.Map<UserForListDto>(userFromRepo); return Ok(new { token = tokenHandler.WriteToken(token), user }); }
public async Task <IActionResult> Login(UserForLoginDto userForLoginDto) { var user = await _userManager.FindByNameAsync(userForLoginDto.Username); var result = await _signInManager .CheckPasswordSignInAsync(user, userForLoginDto.Password, false); if (result.Succeeded) { var appUser = await _userManager.Users.Include(p => p.Photos) .FirstOrDefaultAsync(u => u.NormalizedUserName == userForLoginDto.Username.ToUpper()); var userToReturn = _mapper.Map <UserForListDto>(appUser); return(Ok(new { token = GenerateJwtToken(appUser).Result, user = userToReturn })); } return(Unauthorized()); }
public async Task <IActionResult> Login(UserForLoginDto userForLoginDto) { // var userFromRepo = await _repo.Login(userForLoginDto.Username.ToLower(), userForLoginDto.Password); var user = await _userManager.FindByNameAsync(userForLoginDto.Username); var result = await _signInManager.CheckPasswordSignInAsync(user, userForLoginDto.Password, false); // if (userFromRepo == null) // return Unauthorized(); if (result.Succeeded) { var appUser = _mapper.Map <UserForListDto>(user); return(Ok(new { // token = tokenHandler.WriteToken(token), token = GenerateJwtToken(user).Result, user = appUser })); } return(Unauthorized()); }
public async Task <IActionResult> Login(UserForLoginDto userForLoginDto) { var user = await _userManager.FindByNameAsync(userForLoginDto.UserName); if (user == null) { return(Unauthorized("Username not found !")); } var result = await _signInManager.CheckPasswordSignInAsync(user, userForLoginDto.Password, false); if (result.Succeeded) { var appUser = _userManager.Users.Where(u => u.NormalizedUserName == userForLoginDto.UserName.ToUpper()).FirstOrDefault(); var userToReturn = _mapper.Map <UserForDisplayDetailDto>(appUser); return(Ok(new { token = GenerateJwtToken(appUser).Result, user = userToReturn })); } return(Unauthorized("Incorrect Password !")); }
//post URL http:5000/api/auth/login public async Task <IActionResult> Login(UserForLoginDto userForLoginDto) { // missed photoUrl here, before use _context.Users.Include(p => p.Photos) var user = await _userManager.FindByNameAsync(userForLoginDto.username); if (user != null) { var result = await _signInManager.CheckPasswordSignInAsync(user, userForLoginDto.password, false); if (result.Succeeded) { // get photo var userFromRepo = await _context.Users.Include(p => p.Photos).FirstOrDefaultAsync(x => x.UserName == user.UserName); var appUser = _mapper.Map <UserForListDto>(userFromRepo); return(Ok(new { token = GenerateJwtToken(user).Result, user = appUser })); } } return(Unauthorized()); }
public async Task <IActionResult> Login(UserForLoginDto userForLoginDto) { var user = await _userManager.FindByNameAsync(userForLoginDto.Username); // Not good. It would be better to use FindByIdAsync but that method is accepting string as ID not int. var result = await _signInManager .CheckPasswordSignInAsync(user, userForLoginDto.Password, false); // 3rd parameter is used for locking acc if lets say user tries to login 3 time fails. if (result.Succeeded) { var appUser = await _userManager.Users.Include(p => p.Photos) .FirstOrDefaultAsync(u => u.NormalizedUserName == userForLoginDto.Username.ToUpper()); var userToReturn = _mapper.Map <UserForListDto>(appUser); return(Ok(new { token = GenerateJwtToken(appUser).Result, user = userToReturn })); } return(Unauthorized()); }
public async Task <IActionResult> Login(UserForLoginDto userForLoginDto) { //no longer user this login method //var userFromRepo = await _repo.Login(userForLoginDto.Username.ToLower(), userForLoginDto.Password); var user = await _userManager.FindByNameAsync(userForLoginDto.Username); var result = await _signInManager.CheckPasswordSignInAsync( user, userForLoginDto.Password, false); // false - not lock out user when attempting to sign in //if (userFromRepo == null) return Unauthorized(); if (result.Succeeded) { var appUser = _mapper.Map <UserForListDto>(user); return(Ok(new { token = GenerateJwtToken(user).Result, user = appUser })); } return(Unauthorized()); }
public async Task <IActionResult> Login(UserForLoginDto userForLoginDto) { var userFromRepo = await _repo.Login(userForLoginDto.Username, userForLoginDto.Password); if (userFromRepo == null) { return(Unauthorized()); } var claims = new [] { new Claim(ClaimTypes.NameIdentifier, userFromRepo.Id.ToString()), new Claim(ClaimTypes.Name, userFromRepo.Username) }; var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_config.GetSection("AppSettings:Token").Value)); var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha512Signature); var tokenDescriptor = new SecurityTokenDescriptor() { Subject = new ClaimsIdentity(claims), } }
public async Task <IActionResult> Login(UserForLoginDto userForLoginDto) { //Revisar que exista ese usuario y que haya puesto la contra correcta. var userFromRepo = await _repo.Login(userForLoginDto.Username.ToLower(), userForLoginDto.Password); if (userFromRepo == null) { return(Unauthorized()); } //Creamos los claims que debe llevar el token var claims = new[] { new Claim(ClaimTypes.NameIdentifier, userFromRepo.Id.ToString()), new Claim(ClaimTypes.Name, userFromRepo.Username) }; var key = new SymmetricSecurityKey(Encoding.UTF8 .GetBytes(_config.GetSection("AppSettings:Token").Value)); var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha512Signature); var tokenDescriptor = new SecurityTokenDescriptor { Subject = new ClaimsIdentity(claims), Expires = DateTime.Now.AddDays(1), SigningCredentials = creds }; var tokenHandler = new JwtSecurityTokenHandler(); var token = tokenHandler.CreateToken(tokenDescriptor); return(Ok(new{ token = tokenHandler.WriteToken(token) })); }
public async Task <IActionResult> Login(UserForLoginDto userLoginData) { var userFromRepo = await _authRepository.LoginAsync(userLoginData.Username, userLoginData.Password); if (userFromRepo == null) { return(Unauthorized("Username and password does not match")); } var claims = new[] { new Claim(ClaimTypes.NameIdentifier, userFromRepo.Id.ToString()), new Claim(ClaimTypes.Name, userFromRepo.Username), }; var key = new SymmetricSecurityKey(System.Text.Encoding.UTF8.GetBytes(_cfg.GetSection("AppSettings:Token").Value)); var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha512Signature); var tokenDescriptor = new SecurityTokenDescriptor { Subject = new ClaimsIdentity(claims), Expires = DateTime.UtcNow.AddDays(1), SigningCredentials = creds }; var tokenHandler = new JwtSecurityTokenHandler(); var token = tokenHandler.CreateToken(tokenDescriptor); var user = _mapper.Map <UserForListDTO>(userFromRepo); return(Ok(new { token = tokenHandler.WriteToken(token), user })); }
public async Task <IActionResult> Login(UserForLoginDto userForLoginDto) { var userFromRepo = await _repo.Login(userForLoginDto.UserName.ToLower(), userForLoginDto.Password); if (userFromRepo == null) { return(Unauthorized()); } var claims = new[] { new Claim(ClaimTypes.NameIdentifier, userFromRepo.Id.ToString()), new Claim(ClaimTypes.Name, userFromRepo.UserName) }; // The claims contains the user id and name. var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_config.GetSection("AppSettings:Token").Value)); var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha512Signature); var tokenDescriptor = new SecurityTokenDescriptor { Subject = new ClaimsIdentity(claims), Expires = DateTime.Now.AddDays(1), SigningCredentials = creds }; // Generating the token based on the claims, signed with a secure key. This key is used to authenticate when this is sent back from client in further requests var tokenHandler = new JwtSecurityTokenHandler(); var token = tokenHandler.CreateToken(tokenDescriptor); var user = _mapper.Map <UsersForListDto>(userFromRepo); return(Ok(new { token = tokenHandler.WriteToken(token), // Pass the token to the client user })); }
public async Task <IActionResult> Login(UserForLoginDto login) { if (login is null) { throw new ArgumentNullException(nameof(login)); } var userFromRepo = await _repo.Login(login.Username, login.Password); if (userFromRepo == null) { return(Unauthorized("Unauthorized...")); } var claims = new[] { new Claim(ClaimTypes.NameIdentifier, userFromRepo.Id.ToString()), new Claim(ClaimTypes.Name, userFromRepo.Username) }; var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_config.GetSection("AppSettings:Token").Value)); var credentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha512Signature); var tokenDescriptor = new SecurityTokenDescriptor { Subject = new ClaimsIdentity(claims), Expires = DateTime.Now.AddDays(1), SigningCredentials = credentials }; var tokenHandler = new JwtSecurityTokenHandler(); var createToken = tokenHandler.CreateToken(tokenDescriptor); var writeToken = tokenHandler.WriteToken(createToken); return(Ok(writeToken)); }
public async Task <IActionResult> Login(UserForLoginDto userForLoginDto) { throw new Exception("Generated exception!"); var userFromRepo = await _repo.Login(userForLoginDto.Username.ToLower(), userForLoginDto.Password); if (userFromRepo == null) { return(Unauthorized()); } var claims = new[] { new Claim(ClaimTypes.NameIdentifier, userFromRepo.Id.ToString()), new Claim(ClaimTypes.Name, userFromRepo.Username) }; // to have valid token we need to sign it with key var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_config.GetSection("AppSettings:Token").Value)); // make key from token var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha512Signature); // hash key var tokenDescriptor = new SecurityTokenDescriptor // get token together { Subject = new ClaimsIdentity(claims), Expires = DateTime.Now.AddDays(1), SigningCredentials = creds }; var tokenHandler = new JwtSecurityTokenHandler(); // handler to create token and pass it var token = tokenHandler.CreateToken(tokenDescriptor); // make token return(Ok(new { token = tokenHandler.WriteToken(token) // return token to client })); }
public async Task <IActionResult> Login([FromBody] UserForLoginDto userForLoginDto) { if (!ModelState.IsValid) { return(BadRequest()); } var userFromRepo = await _repo.Login(userForLoginDto.UserName.ToLower(), userForLoginDto.Password); if (userFromRepo == null) { return(Unauthorized()); } // generate token var tokenHandler = new JwtSecurityTokenHandler(); var key = Encoding.ASCII.GetBytes(_config.GetSection("AppSettings:Token").Value); var tokenDescriptor = new SecurityTokenDescriptor { Subject = new ClaimsIdentity(new Claim[] { new Claim(ClaimTypes.NameIdentifier, userFromRepo.Id.ToString()), new Claim(ClaimTypes.Name, userFromRepo.Username) }), Expires = DateTime.Now.AddDays(1), SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha512Signature) }; var token = tokenHandler.CreateToken(tokenDescriptor); var tokenString = tokenHandler.WriteToken(token); // var user = _mapper.Map <UserForListDto>(userFromRepo); return(Ok(new { tokenString, user })); }
public async Task <IActionResult> Login([FromBody] UserForLoginDto userForLoginDto) { //throw new Exception("Computer really says no!"); // try // { var userFromRepo = await _repo.Login(userForLoginDto.Username.ToLower(), userForLoginDto.Password); if (userFromRepo == null) { return(Unauthorized()); } // generate token var tokenHandler = new JwtSecurityTokenHandler(); var key = Encoding.ASCII.GetBytes(_config.GetSection("AppSettings:Token").Value); var tokenDescriptor = new SecurityTokenDescriptor { Subject = new ClaimsIdentity(new Claim[] { new Claim(ClaimTypes.NameIdentifier, userFromRepo.Id.ToString()), new Claim(ClaimTypes.Name, userFromRepo.Username) }), Expires = DateTime.Now.AddDays(1), SigningCredentials = new SigningCredentials( new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha512Signature) }; var token = tokenHandler.CreateToken(tokenDescriptor); var tokenString = tokenHandler.WriteToken(token); return(Ok(new { tokenString })); // } // catch // { // return StatusCode(500, 'Computer really says no!') // } }
public async Task <IActionResult> Login(UserForLoginDto userForLoginDto) { //throw new Exception("Computer says no"); var userFromRepo = await this._repo.Login(userForLoginDto.Username.ToLower(), userForLoginDto.Password); if (userFromRepo == null) { return(Unauthorized()); } //return a toke, add JWTs token var claims = new[] { new Claim(ClaimTypes.NameIdentifier, userFromRepo.Id.ToString()), new Claim(ClaimTypes.Name, userFromRepo.Username) }; var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(this._config.GetSection("AppSettings:Token").Value)); var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha512Signature); var tokenDescriptor = new SecurityTokenDescriptor { Subject = new ClaimsIdentity(claims), Expires = DateTime.Now.AddDays(1), SigningCredentials = creds }; var tokenHandler = new JwtSecurityTokenHandler(); SecurityToken token = tokenHandler.CreateToken(tokenDescriptor); return(Ok(new { Token = tokenHandler.WriteToken(token) })); //anonymous type as an object }
public async Task <IActionResult> Login(UserForLoginDto userForLoginDto) { var userFomRepo = await _repo.Login(userForLoginDto.Username, userForLoginDto.Password); if (userFomRepo == null) { return(Unauthorized()); } //build a token to retrun to the user var claims = new [] { new Claim(ClaimTypes.NameIdentifier, userFomRepo.Id.ToString()), new Claim(ClaimTypes.Name, userFomRepo.Name) }; //need a key for our token which will be hashed var key = new SymmetricSecurityKey(System.Text.Encoding.UTF8.GetBytes(_config.GetSection("AppSettings:Token").Value)); var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha512Signature); var tokenDescriptor = new SecurityTokenDescriptor { Subject = new ClaimsIdentity(claims), Expires = DateTime.Now.AddDays(1), SigningCredentials = creds }; var tokenHandler = new JwtSecurityTokenHandler(); var token = tokenHandler.CreateToken(tokenDescriptor); return(Ok(new { token = tokenHandler.WriteToken(token) })); }
public async Task <IActionResult> Login(UserForLoginDto userForLoginDto) { userForLoginDto.Username = userForLoginDto.Username.ToLower(); var user = await _repo.Login(userForLoginDto.Username, userForLoginDto.Password); if (user == null) { return(Unauthorized("Incorrect Credientials")); } // Send the token to the user so that any further request will be authenticated based on the JWT Token var claims = new[] { new Claim(ClaimTypes.NameIdentifier, user.Id.ToString()), new Claim(ClaimTypes.Name, user.Username) }; var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_config.GetSection("AppSettings:Token").Value)); var cred = new SigningCredentials(key, SecurityAlgorithms.HmacSha512Signature); var tokenDescriptor = new SecurityTokenDescriptor { Subject = new ClaimsIdentity(claims), Expires = DateTime.Now.AddHours(2), SigningCredentials = cred }; var tokenHandler = new JwtSecurityTokenHandler(); var token = tokenHandler.CreateToken(tokenDescriptor); return(Ok(new { token = tokenHandler.WriteToken(token) })); }
public async Task <IActionResult> Login(UserForLoginDto user) { //throw new Exception("... this shit is getting on my nerves - exception ! ...."); var userFromRepo = await _repo.Login(user.UserName.ToLower(), user.Password); if (userFromRepo == null) { return(Unauthorized()); } var secret = _config.GetSection("Cembo_Settings:Token").Value; var token = new JWTToken(userFromRepo, secret); var tokenBuild = token.Build(); var userFromApi = _mapper.Map <UserForListDto>(userFromRepo); return(Ok(new { token = tokenBuild, userFromApi })); }
public async Task <IActionResult> Login(UserForLoginDto userForLoginDto) { var userFromRepo = await _repo.Login(userForLoginDto.Username.ToLower(), userForLoginDto.Password); if (userFromRepo == null) { return(Unauthorized()); } // Create Login Token - JWT var claims = new[] { new Claim(ClaimTypes.NameIdentifier, userFromRepo.Id.ToString()), // DatabaseId new Claim(ClaimTypes.Name, userFromRepo.UserName) // User Name }; // Sign the Token var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_config.GetSection("AppSettings:Token").Value)); var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha512Signature); // Create Token var tokenDescriptor = new SecurityTokenDescriptor { Subject = new ClaimsIdentity(claims), Expires = DateTime.Now.AddDays(1), SigningCredentials = creds }; // Create JWT Token Handler var tokenHandler = new JwtSecurityTokenHandler(); var token = tokenHandler.CreateToken(tokenDescriptor); return(Ok(new { // Do new as this will create an object and return JSON rather than just a string with token in token = tokenHandler.WriteToken(token) })); }
public async Task <IActionResult> Login(UserForLoginDto loginDto) { var user = await _authRepository.Login(loginDto.UserName.ToLower(), loginDto.Password); if (user == null) { return(Unauthorized()); } // payload var claims = new[] { new Claim(ClaimTypes.NameIdentifier, user.Id.ToString()), new Claim(ClaimTypes.Name, user.UserName) }; // secret var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_config.GetSection("AppSettings:Token").Value)); var signingCredentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha512Signature); var tokenDescriptor = new SecurityTokenDescriptor { Subject = new ClaimsIdentity(claims), Expires = DateTime.Now.AddDays(1), SigningCredentials = signingCredentials }; var tokenHandler = new JwtSecurityTokenHandler(); var token = tokenHandler.CreateToken(tokenDescriptor); return(Ok(new { token = tokenHandler.WriteToken(token) })); }
public async Task <IActionResult> Login(UserForLoginDto userForLoginDto) { var userFromRepo = await _repo.Login(userForLoginDto.Username.ToLower(), userForLoginDto.Password); if (userFromRepo == null) { return(Unauthorized()); } var claims = new[] { new Claim(ClaimTypes.NameIdentifier, userFromRepo.Id.ToString()), new Claim(ClaimTypes.Name, userFromRepo.Username) };// hàm này lấy ra ID đăng nhập và Username var key = new SymmetricSecurityKey(Encoding.UTF8 .GetBytes(_config.GetSection("AppSettings:Token").Value)); //lấy ra key var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha512Signature); var tokenDescriptor = new SecurityTokenDescriptor { Subject = new ClaimsIdentity(claims), //điều kiện id Expires = DateTime.Now.AddDays(1), // điều kiện giới hạn 1 ngày SigningCredentials = creds // mã hóa }; var tokenHandler = new JwtSecurityTokenHandler(); var token = tokenHandler.CreateToken(tokenDescriptor); return(Ok(new { token = tokenHandler.WriteToken(token) })); }
public async Task <IActionResult> Login([FromBody] UserForLoginDto userForLoginDto) { try { Users userFromRepo = await _repo.Login(userForLoginDto.Username.ToLower(), userForLoginDto.Password); if (userFromRepo == null) { return(Unauthorized()); } var tokenHandler = new JwtSecurityTokenHandler(); var key = Encoding.ASCII.GetBytes("super secret key"); var tokenDescriptor = new SecurityTokenDescriptor { Subject = new ClaimsIdentity(new Claim[] { new Claim(ClaimTypes.NameIdentifier, userFromRepo.Id.ToString()), new Claim(ClaimTypes.Name, userFromRepo.Username) } ), Expires = DateTime.Now.AddDays(1), SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha512Signature) }; var token = tokenHandler.CreateToken(tokenDescriptor); var tokenString = tokenHandler.WriteToken(token); var user = _mapper.Map <UserForListDto>(userFromRepo); return(Ok(new { tokenString, user })); } catch (Exception) { return(StatusCode(500, "It is wrong login apply.")); } }
public async Task <IActionResult> Login(UserForLoginDto userForLoginDto) { var userFromRepo = await _repo.Login(userForLoginDto.Username.ToLower(), userForLoginDto.Password); if (userFromRepo == null) { return(Unauthorized());//not tell user like your username is not valid(hacker can try to brute force) } var claims = new[] { new Claim(ClaimTypes.NameIdentifier, userFromRepo.Id.ToString()), //convert int Id to String because ClaimTypes is string new Claim(ClaimTypes.Name, userFromRepo.Username) }; var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_config.GetSection("AppSettings:Token").Value)); var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha512Signature); var tokenDescriptor = new SecurityTokenDescriptor { Subject = new ClaimsIdentity(claims), Expires = DateTime.Now.AddDays(1), SigningCredentials = creds }; var tokenHandler = new JwtSecurityTokenHandler(); var token = tokenHandler.CreateToken(tokenDescriptor); var localUserData = _mapper.Map <LocalUserData>(userFromRepo); return(Ok(new { token = tokenHandler.WriteToken(token), localUserData }));//return token as object type }