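/// <summary>
/// Checks a username/password pair and, on success, issues a JWT that expires
/// 15 minutes after creation and is signed with HMAC-SHA256.
/// </summary>
/// <param name="username">Login name used to look the account up.</param>
/// <param name="password">Clear-text password supplied by the caller.</param>
/// <returns>
/// The matching account (passed through <c>WithoutPassword()</c>) with its
/// <c>Token</c> set, or <c>null</c> when the username is unknown or the
/// password does not verify.
/// </returns>
public Authentication Authenticate(string username, string password)
{
    // NOTE(review): if SelectAll() returns an in-memory sequence this loads every
    // account for each login attempt; confirm it is a queryable source.
    var user = repository.SelectAll().SingleOrDefault(x => x.Username == username);

    // Reject unknown usernames before touching the record. The original read
    // user.Salt ahead of its null check, so an unknown username raised a
    // NullReferenceException instead of returning null.
    // NOTE(review): this path skips the password hash, so it answers faster than a
    // wrong-password attempt; equalise the work if account enumeration is a concern.
    if (user == null)
    {
        return null;
    }

    // HashPassword returns an indexable result: SeedAuth stores [0] as Salt and
    // [1] as Password, so [1] is the value to compare with the stored hash.
    var passwordHash = AuthExtensionMethods.HashPassword(password, user.Salt);
    var isValid = AuthExtensionMethods.VerifyHashedPassword(passwordHash[1], user.Password);
    if (!isValid)
    {
        return null;
    }

    // NOTE(review): the account's Active flag is not consulted here; confirm
    // whether deactivated accounts are meant to be able to sign in.

    // Authentication succeeded, so build the signed token.
    var tokenHandler = new JwtSecurityTokenHandler();

    // Encoding.ASCII maps any non-ASCII character in the secret to '?', which
    // weakens the key. It is kept because whatever validates these tokens must
    // derive the same bytes; the secret should be long, random and ASCII-only.
    var key = Encoding.ASCII.GetBytes(_authSettings.Secret);

    var tokenDescriptor = new SecurityTokenDescriptor
    {
        // The only claim carried is the account id, stored under ClaimTypes.Name.
        Subject = new ClaimsIdentity(new Claim[]
        {
            new Claim(ClaimTypes.Name, user.Id.ToString())
        }),
        Expires = DateTime.UtcNow.AddMinutes(15),
        SigningCredentials = new SigningCredentials(
            new SymmetricSecurityKey(key),
            SecurityAlgorithms.HmacSha256Signature)
    };

    var token = tokenHandler.CreateToken(tokenDescriptor);

    // The serialized token is persisted on the account record as well as returned,
    // so a bearer credential sits in the data store until the next login overwrites it.
    user.Token = tokenHandler.WriteToken(token);
    repository.Update(user);

    // NOTE(review): WithoutPassword() presumably clears the password hash; confirm
    // that it also keeps Salt out of the returned object.
    return user.WithoutPassword();
}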
/// <summary>
/// Inserts one active account into the context and saves it.
/// </summary>
/// <param name="ctx">Context that receives the seeded account.</param>
/// <remarks>
/// NOTE(review): the seeded account is Active and its password is a fixed literal
/// in source. If this can run outside a development or test database, the
/// credential should come from configuration, or the account should be seeded
/// inactive.
/// </remarks>
private static void SeedAuth(ApplicationContext ctx)
{
    // The single-argument HashPassword overload returns an indexable result:
    // element 0 is stored as the salt, element 1 as the password hash.
    var hashParts = AuthExtensionMethods.HashPassword("test");
    var storedHash = hashParts[1];
    var storedSalt = hashParts[0];

    var seedUser = new Authentication();
    seedUser.FirstName = "Test";
    seedUser.LastName = "User";
    seedUser.Username = "******";
    seedUser.Password = storedHash;
    seedUser.Salt = storedSalt;
    seedUser.Token = null; // no token until the account first authenticates
    seedUser.Active = true;

    ctx.Add(seedUser);
    ctx.SaveChanges();
}