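/// <summary>
/// Authenticates a user by username or e-mail plus password and, on success,
/// returns a JWT. Every failure path (missing body, unknown account, wrong
/// password, any non-successful sign-in result) answers with the same bare
/// 401 so the response does not reveal whether the account exists.
/// </summary>
/// <param name="dto">Login payload; <c>UserNameOrEmail</c> may be either the username or the e-mail address.</param>
/// <returns>200 with <c>{ token }</c> on success; 401 otherwise.</returns>
public async Task<IActionResult> Login([FromBody] DtoIncomingUserLogin dto)
{
    // A missing body or empty credentials cannot authenticate anyone; reject
    // them up front instead of letting Contains()/Identity throw on null.
    if (dto is null || string.IsNullOrEmpty(dto.UserNameOrEmail) || string.IsNullOrEmpty(dto.Password))
    {
        return Unauthorized();
    }

    // The user may log in with either username or e-mail. '@' is not allowed
    // in usernames, so its presence tells the two apart.
    User user = dto.UserNameOrEmail.Contains('@')
        ? await _userManager.FindByEmailAsync(dto.UserNameOrEmail)
        : await _userManager.FindByNameAsync(dto.UserNameOrEmail);

    if (user is null)
    {
        return Unauthorized();
    }

    // lockoutOnFailure: false means failed attempts are not counted toward
    // Identity's lockout policy. NOTE(review): if lockout is configured for
    // this app, passing true here is what makes repeated wrong passwords
    // trip it — confirm the intended policy.
    var result = await _signInManager.CheckPasswordSignInAsync(user, dto.Password, lockoutOnFailure: false);

    if (result.Succeeded)
    {
        // Await instead of .Result: .Result blocks a thread-pool thread and
        // wraps any failure in an AggregateException.
        var token = await GenerateJwtToken(user);
        return Ok(new { token });
    }

    // Wrong password, lockout, 2FA required, or not-allowed all end here.
    return Unauthorized();
}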
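/// <summary>
/// Authenticates a user by e-mail and password and, on success, returns a JWT.
/// Every failure path (missing body, unknown e-mail, wrong password, any
/// non-successful sign-in result) answers with the same bare 401 so the
/// response does not reveal whether the account exists.
/// </summary>
/// <param name="dto">Login payload carrying <c>Email</c> and <c>Password</c>.</param>
/// <returns>200 with <c>{ token }</c> on success; 401 otherwise.</returns>
public async Task<IActionResult> Login([FromBody] DtoIncomingUserLogin dto)
{
    // A missing body or empty credentials cannot authenticate anyone; reject
    // them up front instead of letting Identity throw on a null e-mail.
    if (dto is null || string.IsNullOrEmpty(dto.Email) || string.IsNullOrEmpty(dto.Password))
    {
        return Unauthorized();
    }

    var user = await _userManager.FindByEmailAsync(dto.Email);
    if (user is null)
    {
        return Unauthorized();
    }

    // lockoutOnFailure: false means failed attempts are not counted toward
    // Identity's lockout policy. NOTE(review): if lockout is configured for
    // this app, passing true here is what makes repeated wrong passwords
    // trip it — confirm the intended policy.
    var result = await _signInManager.CheckPasswordSignInAsync(user, dto.Password, lockoutOnFailure: false);

    if (result.Succeeded)
    {
        // Await instead of .Result: .Result blocks a thread-pool thread and
        // wraps any failure in an AggregateException.
        var token = await GenerateJwtToken(user);
        return Ok(new { token });
    }

    // Wrong password, lockout, 2FA required, or not-allowed all end here.
    return Unauthorized();
}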