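/// <summary>
/// Exchanges the Last.fm token in <paramref name="dto"/> for a Last.fm session,
/// resolves (or creates) the matching local user, and signs the caller in with
/// the cookie authentication scheme.
/// </summary>
/// <param name="dto">Request payload carrying the Last.fm token to exchange.</param>
/// <returns>
/// <c>Ok</c> with a <see cref="UserDto"/> for the signed-in user, or whatever
/// <c>HandleLastFmError</c> produces when a Last.fm call reports failure.
/// </returns>
public async Task<ActionResult<UserDto>> Authorize(AuthorizeDto dto)
{
    var sessionResult = await _lastFm.CreateLastFmSession(dto.Token);
    if (sessionResult.IsFailed)
    {
        return HandleLastFmError(sessionResult);
    }

    var session = sessionResult.Value;

    var user = await _userService.FindUserFromUserName(session.LastFmUser);
    if (user == null)
    {
        // First login for this Last.fm account: fetch the profile with the new
        // session key and create the local user record from it.
        var userInfo = await _lastFm.GetUserInfo(null, session.Key);
        if (userInfo.IsFailed)
        {
            // Report the result that actually failed. The previous code passed
            // sessionResult here, which is known to have succeeded at this point.
            // NOTE(review): assumes HandleLastFmError accepts the result type
            // returned by GetUserInfo; confirm against its signature.
            return HandleLastFmError(userInfo);
        }

        user = await _userService.GetOrCreateUserFromInfo(userInfo.Value);
    }

    // NOTE(review): the Last.fm session key travels inside the authentication
    // cookie as a claim, so its confidentiality rests on the cookie ticket
    // protection and the cookie flags (Secure, HttpOnly, SameSite), which are
    // configured outside this method. Confirm them.
    var claims = new List<Claim>
    {
        new Claim(ClaimTypes.NameIdentifier, session.LastFmUser),
        new Claim("SessionKey", session.Key),
    };

    var claimsIdentity = new ClaimsIdentity(
        claims,
        CookieAuthenticationDefaults.AuthenticationScheme);

    // IsPersistent keeps the cookie across browser restarts. No ExpiresUtc is set
    // here, so the lifetime comes from the cookie options configured elsewhere.
    var authProperties = new AuthenticationProperties
    {
        IsPersistent = true,
    };

    await HttpContext.SignInAsync(
        CookieAuthenticationDefaults.AuthenticationScheme,
        new ClaimsPrincipal(claimsIdentity),
        authProperties);

    // Only profile fields are returned to the client; the session key stays in
    // the cookie claims and is not part of the response body.
    return Ok(new UserDto
    {
        Id = user.Id,
        UserName = user.UserName,
        RealName = user.RealName,
        LastFmUrl = user.LastFmUrl,
        ProfilePicture = user.ProfilePicture,
        RegisteredAt = user.RegisteredAt,
        IanaTimezone = user.IanaTimezone,
    });
}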