public async Task <IActionResult> Login(LoginPoco user, string returnUrl = null)
{
const string badUserNameOrPasswordMessage = "Username or password is incorrect.";
var userFromLogin = loginService.Login(user.LoginUserName.ToLower(), user.LoginPassword);
if (userFromLogin == null)
{
return(BadRequest(badUserNameOrPasswordMessage));
}
var identity = new ClaimsIdentity(CookieAuthenticationDefaults.AuthenticationScheme);
identity.AddClaim(new Claim(ClaimTypes.Name, userFromLogin.LoginUserName));
await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, new ClaimsPrincipal(identity));
if (returnUrl == null)
{
returnUrl = TempData["returnUrl"]?.ToString();
}
if (returnUrl != null)
{
return(Redirect(returnUrl));
}
return(RedirectToAction(nameof(HomeController.Index), "Home"));
}
public async Task <UserAccount> IsValidAssertion(LoginPoco assertion)
{
//#if DEBUG
// assertion.Username = "******";
// assertion.Password = "******";
//#endif
var findByNameAsync = await FindByNameAsync(assertion.Username);
if (!await CheckPasswordAsync(findByNameAsync, assertion.Password))
{
// if password is invalid
return(null);
}
return(findByNameAsync);
}
// GET api/WebAuth
public async Task <IHttpActionResult> Post([FromBody] LoginPoco assertion)
{
UserAccount user;
if ((user = await _authManager.IsValidAssertion(assertion)) == null)
{
return(Unauthorized());
}
var token = await _tokenManager.CreateToken(user);
return(Ok(new LoginResult
{
AuthenticationToken = token,
User = new LoginResultUser {
UserId = user.UserName
}
}));
}
