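/// <summary>
/// Verifies a client's credentials and, on success, issues a short-lived JWT access token
/// together with a newly generated refresh token that is persisted via <c>_dbService.RecordToken</c>.
/// </summary>
/// <param name="request">Login name and plaintext password supplied by the caller.</param>
/// <returns>
/// 404 when the login is unknown, 400 when the request is missing or the password does not
/// validate, otherwise 200 with an anonymous <c>{ accessToken, refreshToken }</c> body.
/// </returns>
public IActionResult Login(LoginRequestDto request)
{
    if (request is null)
    {
        return BadRequest("Missing login request");
    }

    LoginAttemptResponse loginAttempt = _dbService.checkLogin(request.Login);

    // NOTE(review): answering 404 for an unknown login and 400 for a wrong password lets a
    // caller distinguish the two cases (account enumeration). A single generic 401 for both
    // would be safer; the original status codes are kept here for compatibility.
    if (loginAttempt == null)
    {
        return NotFound("That login does not exist in the database");
    }

    if (!AuthHandler.Validate(request.Password, loginAttempt.Salt, loginAttempt.Hash))
    {
        return BadRequest("Incorrect Password");
    }

    var claims = new[]
    {
        new Claim(ClaimTypes.NameIdentifier, loginAttempt.Login),
        new Claim(ClaimTypes.Name, loginAttempt.FirstName),
        new Claim(ClaimTypes.Role, "user"),
    };

    // FIXME(security): the HMAC signing secret is hard-coded in source, so anyone with the
    // repository or the binary can mint valid access tokens. Load it from configuration or a
    // secret store and treat the committed value as compromised (rotate it).
    var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("FFFFFFFFFIIIIIIIIIXXXXXX THEEEEEE VAAAAAAAALLLLLLLLLUUUEEEEEEE!!!!!!!!!!!!!!!!!!!!"));
    var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);

    var token = new JwtSecurityToken(
        issuer: "AdvertCompany",
        audience: "user",
        claims: claims,
        // UtcNow keeps the exp claim independent of the server's local time zone.
        expires: DateTime.UtcNow.AddMinutes(10),
        signingCredentials: creds);

    // One fresh opaque refresh token per successful login.
    var refreshToken = Guid.NewGuid();
    string refreshTokenString = refreshToken.ToString();

    // Bug fix: the value handed to the client must be the value that is stored. The original
    // recorded loginAttempt.TokenString (the previously stored token), so the token returned
    // below was never persisted and could not be redeemed.
    var recordRequest = new RecordTokenRequest
    {
        IdClient = loginAttempt.IdClient,
        refreshTokenValue = refreshTokenString,
    };
    _dbService.RecordToken(recordRequest);

    return Ok(new
    {
        accessToken = new JwtSecurityTokenHandler().WriteToken(token),
        refreshToken,
    });
}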
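/// <summary>
/// Verifies an employee's credentials and, on success, issues a short-lived JWT access token
/// together with a newly generated refresh token that is persisted via <c>_dbService.RecordToken</c>.
/// </summary>
/// <param name="request">Index number (login) and plaintext password supplied by the caller.</param>
/// <returns>
/// 404 when the login is unknown, 400 when the request is missing or the password does not
/// validate, otherwise 200 with an anonymous <c>{ accessToken, refreshToken }</c> body.
/// </returns>
/// <exception cref="InvalidOperationException">
/// Thrown when the <c>SecretKey</c> configuration value is absent or empty.
/// </exception>
public IActionResult Login(LoginRequestDto request)
{
    if (request is null)
    {
        return BadRequest("Missing login request");
    }

    LoginAttemptResponse loginAttemptResponse = _dbService.checkLogin(request.Login);

    // NOTE(review): answering 404 for an unknown login and 400 for a wrong password lets a
    // caller distinguish the two cases (account enumeration). A single generic 401 for both
    // would be safer; the original status codes are kept here for compatibility.
    if (loginAttemptResponse == null)
    {
        return NotFound("That index number does not exist in the database");
    }

    if (!AuthHandler.Validate(request.Password, loginAttemptResponse.Salt, loginAttemptResponse.Hash))
    {
        return BadRequest("Incorrect Password");
    }

    var claims = new[]
    {
        new Claim(ClaimTypes.NameIdentifier, request.Login),
        new Claim(ClaimTypes.Name, loginAttemptResponse.FirstName),
        new Claim(ClaimTypes.Role, "employee"),
    };

    // Fail with a clear message when the signing secret is not configured, instead of letting
    // Encoding.GetBytes surface a bare ArgumentNullException from deep inside the request.
    string secret = Configuration["SecretKey"];
    if (string.IsNullOrEmpty(secret))
    {
        throw new InvalidOperationException("Configuration value 'SecretKey' is missing; cannot sign access tokens.");
    }

    var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secret));
    var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);

    var token = new JwtSecurityToken(
        issuer: "Gakko",
        audience: "employee",
        claims: claims,
        // UtcNow keeps the exp claim independent of the server's local time zone.
        expires: DateTime.UtcNow.AddMinutes(10),
        signingCredentials: creds);

    // One fresh opaque refresh token per successful login; the stored value and the value
    // returned to the client are the same string.
    var refreshToken = Guid.NewGuid();
    string refreshTokenString = refreshToken.ToString();

    var tokenCreated = new Token
    {
        TokenString = refreshTokenString,
        NameIdentifier = request.Login,
        FirstName = loginAttemptResponse.FirstName,
    };
    _dbService.RecordToken(tokenCreated);

    return Ok(new
    {
        accessToken = new JwtSecurityTokenHandler().WriteToken(token),
        refreshToken,
    });
}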
/// <summary>
/// Looks up the client whose <c>Login</c> equals <paramref name="login"/> and projects the
/// fields needed for password validation and token issuance.
/// </summary>
/// <param name="login">Login name to match exactly against <c>Client.Login</c>.</param>
/// <returns>
/// The projected <see cref="LoginAttemptResponse"/> for the first matching client, or
/// <c>null</c> when no client has that login.
/// </returns>
public LoginAttemptResponse checkLogin(string login)
{
    // Query syntax; the projection is evaluated by the context on enumeration.
    var candidates =
        from client in _advertContext.Client
        where client.Login == login
        select new LoginAttemptResponse
        {
            FirstName = client.FirstName,
            Hash = client.Hash,
            IdClient = client.IdClient,
            Login = client.Login,
            Salt = client.Salt,
            TokenString = client.TokenString,
        };

    return candidates.FirstOrDefault();
}