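/// <summary>
/// Authenticates a user by username and password and issues a signed JWT.
/// </summary>
/// <param name="userAuthenticationDto">Credentials supplied by the caller (untrusted input).</param>
/// <returns>
/// The user's id and a freshly issued token, or <c>null</c> when the username is unknown
/// or the password does not verify. Both failure paths return the same value so the
/// response does not reveal whether the username exists.
/// </returns>
public UserAuthenticationGetDto Authenticate(UserAuthenticationDto userAuthenticationDto)
{
    var username = userAuthenticationDto.Username;
    var password = userAuthenticationDto.Password;

    var user = _context.Users.SingleOrDefault(x => x.Username == username);
    if (user == null)
    {
        return null;
    }

    // Verify against the stored salt + hash; the submitted password is never persisted here.
    var passwordHash = new PasswordHash(user.PasswordSalt, user.PasswordHash);
    if (!passwordHash.Verify(password))
    {
        return null;
    }

    var tokenHandler = new JwtSecurityTokenHandler();
    // NOTE(review): ASCII encoding silently replaces any non-ASCII character of the secret —
    // confirm the configured secret is pure ASCII, or switch to UTF8 together with the
    // side that validates these tokens.
    var key = Encoding.ASCII.GetBytes(_appSettings.Secret);
    var tokenDescriptor = new SecurityTokenDescriptor
    {
        Subject = new ClaimsIdentity(new[]
        {
            new Claim(ClaimTypes.Name, user.Id.ToString()),
            new Claim(ClaimTypes.Role, user.Role)
        }),
        Expires = DateTime.UtcNow.AddDays(7),
        SigningCredentials = new SigningCredentials(
            new SymmetricSecurityKey(key),
            SecurityAlgorithms.HmacSha256Signature)
    };

    var token = tokenHandler.CreateToken(tokenDescriptor);
    // Serialize once: the same string is both persisted and returned (the original
    // called WriteToken twice).
    var serializedToken = tokenHandler.WriteToken(token);

    _context.Tokens.Add(new Token { Value = serializedToken, UserId = user.Id });
    _context.SaveChanges();

    return new UserAuthenticationGetDto
    {
        UserId = user.Id,
        Token = serializedToken
    };
}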
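/// <summary>
/// Authenticates a user by mail address and password and issues a signed JWT.
/// </summary>
/// <param name="dto">Credentials supplied by the caller (untrusted input).</param>
/// <returns>The serialized token together with its expiry.</returns>
/// <exception cref="IncorrectPasswordException">
/// Thrown when no user exists for the mail address or the password does not match.
/// The same exception covers both cases so the error does not reveal whether the
/// mail address is registered.
/// </exception>
public TokenGetDto Authenticate(UserAuthenticationGetDto dto)
{
    User u = _userRepo.GetUser(dto.Mail);
    // Guard against an unknown mail address; the original dereferenced a null user here.
    if (u == null)
    {
        throw new IncorrectPasswordException();
    }

    // Compare case-sensitively: a case-insensitive match shrinks the effective password
    // space. NOTE(review): this compares u.Password directly with the submitted value,
    // which looks like plaintext storage — confirm, and move to salted-hash verification if so.
    if (!string.Equals(u.Password, dto.Password, StringComparison.Ordinal))
    {
        throw new IncorrectPasswordException();
    }

    var tokenHandler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler();
    var now = DateTime.UtcNow;
    var tokenDescriptor = new SecurityTokenDescriptor
    {
        Subject = new ClaimsIdentity(new[]
        {
            new Claim("email", u.Mail),
            new Claim("userId", u.Id.ToString()),
            new Claim("personId", u.PersonId.ToString())
        }),
        // 2000 minutes (~33 h) of validity, as configured by the original author.
        Expires = now.AddMinutes(2000),
        SigningCredentials = new SigningCredentials(
            new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_config.JwtToken.SecretKey)),
            SecurityAlgorithms.HmacSha256),
    };

    var token = tokenHandler.CreateToken(tokenDescriptor);
    return new TokenGetDto
    {
        Token = tokenHandler.WriteToken(token),
        ValidTo = token.ValidTo
    };
}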
/// <summary>
/// Exchanges user credentials for a token.
/// </summary>
/// <param name="dto">Credentials from the request.</param>
/// <returns>200 OK carrying the issued token.</returns>
/// <remarks>
/// No exception handling is done here; anything the manager throws propagates to the
/// pipeline's error handling (presumably middleware or a filter — verify).
/// </remarks>
public ActionResult<TokenGetDto> Authenticate(UserAuthenticationGetDto dto)
    => Ok(_userManager.Authenticate(dto));