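/// <summary>
/// Authenticates the posted credentials and, on success, issues the cookie
/// sign-in carrying a Name claim and an "Id" claim.
/// </summary>
/// <param name="person">
/// Credentials bound from the request body; both Username and Password must be set.
/// </param>
/// <returns>
/// 400 when the body or a credential is missing, 401 when <c>repo.Auth</c>
/// returns null, 200 once the cookie has been issued.
/// </returns>
public async Task<IActionResult> Login([FromBody] Person person)
{
    // A missing/unparseable body binds as null; treat it like missing fields.
    if (person is null || person.Username is null || person.Password is null)
    {
        return BadRequest();
    }

    Person attempt = null;

    // Pad the response to a floor of 1.5 s so reply latency does not separate
    // "unknown user" from "wrong password". Both tasks must be awaited: awaiting
    // only the delay meant a lookup slower than 1.5 s was reported as 401 even
    // for valid credentials, and any exception from repo.Auth went unobserved.
    // The floor only masks timing while repo.Auth stays under the delay.
    var delay = Task.Delay(1500);
    var login = Task.Run(() => { attempt = repo.Auth(person); });
    await Task.WhenAll(delay, login);

    if (attempt is null)
    {
        return new UnauthorizedResult();
    }

    // Credentials verified: build the claims the cookie will carry.
    var identity = new ClaimsIdentity(
        new[]
        {
            new Claim(ClaimTypes.Name, attempt.Username),
            new Claim("Id", attempt.Id.ToString()),
        },
        CookieAuthenticationDefaults.AuthenticationScheme);
    var principal = new ClaimsPrincipal(identity);

    await HttpContext.SignInAsync(
        CookieAuthenticationDefaults.AuthenticationScheme,
        principal,
        new AuthenticationProperties { ExpiresUtc = DateTime.UtcNow.AddDays(14) });

    return new OkResult();
}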
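/// <summary>
/// Authenticates the posted credentials and, on success, signs the caller in
/// with the cookie scheme. No explicit expiry is set, so the scheme's default
/// cookie lifetime applies.
/// </summary>
/// <param name="Person">Credentials bound from the request body.</param>
/// <returns>
/// 400 when no body was bound, 401 when <c>repo.Auth</c> returns null,
/// 200 once the cookie has been issued.
/// </returns>
public async Task<IActionResult> Login([FromBody] Person Person)
{
    // A missing/unparseable body binds as null; reject it here instead of
    // letting repo.Auth dereference it and surface as a 500.
    if (Person is null)
    {
        return BadRequest();
    }

    Person attempt = repo.Auth(Person);
    if (attempt is null)
    {
        return new UnauthorizedResult();
    }

    var identity = new ClaimsIdentity(
        new[]
        {
            new Claim(ClaimTypes.Name, attempt.Username),
            // NOTE(review): Claim takes a string value; if Person.Id is not a
            // string this needs .ToString() — confirm against the Person type.
            new Claim("Id", attempt.Id),
        },
        CookieAuthenticationDefaults.AuthenticationScheme);
    var principal = new ClaimsPrincipal(identity);

    await HttpContext.SignInAsync(
        CookieAuthenticationDefaults.AuthenticationScheme,
        principal);

    return new OkResult();
}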