public IHttpActionResult Login([FromUri] string username, [FromUri] string password) { if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password)) { Logger.GetLogger().Warn($"Username or password is not specified"); return(BadRequest("Username or password is not specified")); } Request.GetOwinContext().Authentication.SignOut(); using (IUnitOfWork uow = ObjectFactory.GetInstance <IUnitOfWork>()) { Fr8AccountDO dockyardAccountDO = uow.UserRepository.FindOne(x => x.UserName == username); if (dockyardAccountDO != null) { var passwordHasher = new PasswordHasher(); if (passwordHasher.VerifyHashedPassword(dockyardAccountDO.PasswordHash, password) == PasswordVerificationResult.Success) { ISecurityServices security = ObjectFactory.GetInstance <ISecurityServices>(); ClaimsIdentity identity = security.GetIdentity(uow, dockyardAccountDO); Request.GetOwinContext().Authentication.SignIn(new AuthenticationProperties { IsPersistent = true }, identity); return(Ok()); } } } Logger.GetLogger().Warn($"Loging failed for {username}"); return(StatusCode(HttpStatusCode.Forbidden)); }