public IActionResult GetPublicKey()
{
var publicKey = _settings.PublicKey;
try
{
RSACryptoServiceProvider publicProvider = new RSACryptoServiceProvider();
RSAUtility.FromXmlString(publicProvider, publicKey);
var publicPemKey = new StringWriter();
RSAUtility.ExportPublicKey(publicProvider, publicPemKey);
var key = new
{
Key = publicPemKey.ToString()
};
return(Ok(key));
}
catch (Exception ex)
{
return(Ok("There was an error Creating a public key"));
}
}
public IActionResult Login([FromBody] Login credentials)
{
if (credentials == null)
{
return(BadRequest("Invalid Request"));
}
try
{
var privateKey = _settings.PrivateKey;
var encryptedUser = Convert.FromBase64String(credentials.UserName);
var encryptedPass = Convert.FromBase64String(credentials.Password);
RSACryptoServiceProvider privateProvider = new RSACryptoServiceProvider();
RSAUtility.FromXmlString(privateProvider, privateKey);
var decryptedUser = privateProvider.Decrypt(encryptedUser, false);
var decryptedPass = privateProvider.Decrypt(encryptedPass, false);
var plaintextUser = Encoding.ASCII.GetString(decryptedUser);
var plaintextPass = Encoding.ASCII.GetString(decryptedPass);
// See if the user exists
var user = _context.Users
.Where(u => (u.Username == plaintextUser || u.Email == plaintextUser) &&
u.IsDeleted == false)
.FirstOrDefault();
// Decrypt the database password
var dbPassBytes = user != null
? Convert.FromBase64String(user.Password)
: null;
var decryptedDbPass = dbPassBytes != null
? privateProvider.Decrypt(dbPassBytes, false)
: null;
var plainTextDbPass = decryptedDbPass != null
? Encoding.ASCII.GetString(decryptedDbPass)
: null;
// Return bad request if user doesn't exist, or password is expired
if (user == null)
{
return(Ok(new { Message = "User not found" }));
}
else if (user.PasswordExpiration < DateTime.Now)
{
return(Ok(new { Message = "Password Expired" }));
}
else if (plainTextDbPass != plaintextPass)
{
return(Ok(new { Message = "Username or Password is incorrect" }));
}
else
{
var secretKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(_settings.SecretKey));
var signingCredentials = new SigningCredentials(secretKey, SecurityAlgorithms.HmacSha256);
var role = _context.Roles
.Where(r => r.RoleId == user.RoleId)
.FirstOrDefault();
// Add specific claims
var claims = new List <Claim>
{
new Claim("User", $"{user.FirstName} {user.LastName}"),
new Claim("Role", role.Name)
};
var userClaimMaps = _context.UserRoleClaimMaps
.Where(map => map.RoleId == user.RoleId)
.ToList();
foreach (var claim in userClaimMaps)
{
var currentClaim = _context.Claims
.Where(c => c.ClaimId == claim.ClaimId)
.FirstOrDefault();
claims.Add(new Claim("Claim", currentClaim.Name));
}
// Create the token options
var tokenOptions = new JwtSecurityToken(
issuer: _settings.Issuer,
audience: _settings.Audience,
claims: claims,
expires: DateTime.Now.AddMinutes(30),
signingCredentials: signingCredentials
);
var handler = new JwtSecurityTokenHandler();
var tokenString = handler.WriteToken(tokenOptions);
//Set last logon for user
user.LastLogon = DateTime.Now;
user.Modified = DateTime.Now;
_context.SaveChanges();
return(Ok(new { Token = tokenString }));
}
}
catch (Exception ex)
{
return(Ok(ex.Message));
}
}