public async Task <IHttpActionResult> Login(ViewModels.LoginViewModel model)
{
//if (!this.ModelState.IsValid)
//{
// return this.View(model);
//}
// This doesn't count login failures towards account lockout
// To enable password failures to trigger account lockout, change to shouldLockout: true
var result = await this.AppSignInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, shouldLockout : false);
switch (result)
{
case SignInStatus.Success:
var user = await this.AppUserManager.FindByNameAsync(model.Email);
var request = HttpContext.Current.Request;
var tokenServiceUrl = request.Url.GetLeftPart(UriPartial.Authority) + request.ApplicationPath + "/Token";
using (var client = new HttpClient())
{
var requestParams = new List <KeyValuePair <string, string> >
{
new KeyValuePair <string, string>("grant_type", "password"),
new KeyValuePair <string, string>("username", model.Email),
new KeyValuePair <string, string>("password", model.Password)
};
var requestParamsFormUrlEncoded = new FormUrlEncodedContent(requestParams);
var tokenServiceResponse = await client.PostAsync(tokenServiceUrl, requestParamsFormUrlEncoded);
var responseString = await tokenServiceResponse.Content.ReadAsStringAsync();
var responseCode = tokenServiceResponse.StatusCode;
var jsSerializer = new System.Web.Script.Serialization.JavaScriptSerializer();
var responseData =
jsSerializer.Deserialize <Dictionary <string, string> >(responseString);
var authToken = responseData["access_token"];
var userName = responseData["userName"];
// Save bearer token to the database
userSessionService.CreateUserSession(userName, authToken);
// Cleanup: delete expired sessions from the database
userSessionService.DeleteExpiredSessions();
return(Json(new { status = true, token = authToken }));
}
case SignInStatus.LockedOut:
return(Json(new { status = false, error = "Lockout" }));
case SignInStatus.RequiresVerification:
return(Json(new { status = false, error = "" }));
case SignInStatus.Failure:
default:
this.ModelState.AddModelError("", "Invalid login attempt.");
return(Json(new { status = false, error = "Invalid login attempt" }));
}
}
public UserLoginResponseModel Login(UserLoginModel model)
{
model.Password = hashCryptoHelper.HashString(model.Password);
var data = userDataRepository.FetchAll()
.Where(x => x.UserEmail == model.UserEmail && x.PassHash == model.Password)
.Select(x => new
{
x,
x.Role.RoleValue
})
.FirstOrDefault();
if (data == null)
{
throw new GenericException(Enums.GenericErrorEnum.UserDoesNotExist);
}
var userData = data.x;
var role = data.RoleValue;
userSessionService.DeleteUserSession(userData.Id.ToString());
userSessionService.CreateUserSession(userData.Id.ToString());
if (userData.FailedLoginCount != 0)
{
userData.FailedLoginCount = 0;
userDataRepository.Update(userData);
userDataRepository.Save();
}
var claims = new ClaimsIdentity(new Claim[]
{
new Claim(ClaimTypes.Name, aesCryptoHelper.EncryptString(userData.Id.ToString())),
new Claim(ClaimTypes.Role, role.ToString())
});
return(new UserLoginResponseModel()
{
JWT = jwtHelper.ConstructUserJwt(claims)
});
}
