Exemple #1
0
        public IActionResult Login(LoginRequestDTO request)
        {
            var salt     = EnrollmentsController.CreateSalt();
            var password = EnrollmentsController.Create("das8dha8dadha8", salt);

            string login;
            string name;

            using (var con = new SqlConnection(connection))
                using (var com = new SqlCommand())
                {
                    com.Connection  = con;
                    com.CommandText = "SELECT * FROM student WHERE indexnumber = @indexnumber";
                    com.Parameters.AddWithValue("indexnumber", request.Login);


                    con.Open();

                    var dr = com.ExecuteReader();

                    if (!dr.Read())
                    {
                        return(BadRequest("Incorrect login or password"));
                    }
                    if (!Validate(request.Pass, dr["salt"].ToString(), dr["password"].ToString()))
                    {
                        return(Unauthorized("Incorrect login or password"));
                    }
                    login = dr["IndexNumber"].ToString();
                    name  = dr["FirstName"].ToString();
                }

            var claims = new[]
            {
                new Claim(ClaimTypes.NameIdentifier, login),
                new Claim(ClaimTypes.Name, name),
                new Claim(ClaimTypes.Role, "employee"),
            };

            var key   = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["SecretKey"]));
            var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);

            var token = new JwtSecurityToken
                        (
                issuer: "Admin",
                audience: "Employees",
                claims: claims,
                expires: DateTime.Now.AddMinutes(10),
                signingCredentials: creds
                        );

            var refreshtoken = Guid.NewGuid();

            setRefreshToken(refreshtoken.ToString(), login);
            return(Ok(new
            {
                token = new JwtSecurityTokenHandler().WriteToken(token),
                refreshtoken
            }));
        }
Exemple #2
0
        public IActionResult Login(LoginRequestDto request)
        {
            //
            var salt     = EnrollmentsController.CreateSalt();
            var password = EnrollmentsController.Create("brokuly", salt);

            Console.WriteLine("Salt: " + salt);
            Console.WriteLine("Password: "******"SELECT * FROM student WHERE indexnumber = @indexnumber";
                    command.Parameters.AddWithValue("indexnumber", request.Login);
                    var dr = command.ExecuteReader();
                    if (!dr.Read())
                    {
                        return(Unauthorized("Zly login lub haslo"));
                    }
                    if (!Validate(request.Haslo, dr["salt"].ToString(), dr["password"].ToString()))
                    {
                        return(Unauthorized("Zly login lub haslo"));
                    }
                    login = dr["IndexNumber"].ToString();
                    imie  = dr["FirstName"].ToString();
                }
            var claims = new[]
            {
                new Claim(ClaimTypes.NameIdentifier, login),
                new Claim(ClaimTypes.Name, imie),
                new Claim(ClaimTypes.Role, "employee")
            };
            var key   = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["SecretKey"]));
            var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
            var token = new JwtSecurityToken
                        (
                issuer: "Admin",
                audience: "Employees",
                claims: claims,
                expires: DateTime.Now.AddMinutes(10),
                signingCredentials: creds
                        );

            var refreshtoken = Guid.NewGuid();

            setRefreshTokenInDB(refreshtoken.ToString(), login);
            return(Ok(new
            {
                token = new JwtSecurityTokenHandler().WriteToken(token),
                refreshtoken
            }));
        }