コード例 #1
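        /// <summary>
        /// Authenticates a user by name and password and returns a DTO carrying a freshly issued token.
        /// </summary>
        /// <param name="userforlogin">Login request; its <c>username</c> and <c>Password</c> are read.</param>
        /// <returns>
        /// 401 Unauthorized when the credentials do not match a stored user; otherwise a
        /// <c>UserDto</c> holding the stored user name and the value of <c>_tokenservice.CreateToken</c>.
        /// </returns>
        public async Task <ActionResult <UserDto> > Login(Userforlogin userforlogin)
        {
            // One message for every failure path, so the response body does not tell a caller
            // whether the account name exists (the original answered "Invalid username" vs "Invalid password").
            const string invalidCredentials = "Invalid username or password";

            // A missing field would otherwise surface as an unhandled exception from GetBytes below.
            if (userforlogin == null || userforlogin.username == null || userforlogin.Password == null)
            {
                return(Unauthorized(invalidCredentials));
            }

            var user = await _context.Users.SingleOrDefaultAsync(x => x.Name == userforlogin.username);

            if (user == null)
            {
                // NOTE(review): this path returns before any hashing is done, so response time may
                // still differ from the wrong-password path; consider rate limiting on this endpoint.
                return(Unauthorized(invalidCredentials));
            }

            // The per-user salt stored with the account is used as the HMAC key.
            // NOTE(review): a single HMAC-SHA512 pass is cheap to brute-force offline if the table leaks;
            // moving to a password KDF (e.g. PBKDF2) would need a stored-hash migration, so it is not done here.
            using var hmac = new HMACSHA512(user.PasswordSalt);

            var computedHash = hmac.ComputeHash(Encoding.UTF8.GetBytes(userforlogin.Password));

            // Constant-time comparison: no early exit on the first differing byte, and a stored hash of
            // a different length is rejected instead of indexing out of range or matching on a prefix.
            if (!CryptographicOperations.FixedTimeEquals(computedHash, user.PasswordHash))
            {
                return(Unauthorized(invalidCredentials));
            }

            return(new UserDto
            {
                username = user.Name,
                Token = _tokenservice.CreateToken(user)
            });
        }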
コード例 #2
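        /// <summary>
        /// Checks the supplied credentials through <c>_repo.Login</c> and, on success, returns a signed JWT
        /// that carries the user's ID and name and expires after one day.
        /// </summary>
        /// <param name="userforlogin">Login request; its <c>username</c> and <c>Password</c> are read.</param>
        /// <returns>
        /// 400 Bad Request when the request is incomplete or the repository returns no user; otherwise
        /// 200 OK with the submitted user name and the serialized token.
        /// </returns>
        /// <exception cref="InvalidOperationException">The "AppSettings:Token" setting is missing or empty.</exception>
        public async Task <IActionResult> Login(Userforlogin userforlogin)
        {
            // Same generic message for every credential failure; the original text
            // ("Username already exists") described a registration conflict, not a failed login.
            // NOTE(review): 401 would be the conventional status for a failed login; 400 is kept here
            // because existing clients may depend on it.
            const string invalidCredentials = "Invalid username or password";

            // Guard against a missing field, which would otherwise throw on ToLower() below.
            if (userforlogin == null || userforlogin.username == null || userforlogin.Password == null)
            {
                return(BadRequest(invalidCredentials));
            }

            // NOTE(review): ToLower() is culture-sensitive; it is left as is because the lookup presumably
            // has to match however names were normalized when they were stored. Confirm against registration.
            var userfromrepo = await _repo.Login(userforlogin.username.ToLower(), userforlogin.Password);

            if (userfromrepo == null)
            {
                return(BadRequest(invalidCredentials));
            }

            // TOKEN BUILDING

            var claims = new[]
            {
                new Claim(ClaimTypes.NameIdentifier, userfromrepo.ID.ToString()),
                new Claim(ClaimTypes.Name, userfromrepo.Name)
            };

            // Fail with a clear configuration error instead of an ArgumentNullException from GetBytes.
            // NOTE(review): the secret should be long and random and come from a secret store rather than
            // a checked-in settings file. Confirm where "AppSettings:Token" is provisioned.
            var signingSecret = _config.GetSection("AppSettings:Token").Value;

            if (string.IsNullOrEmpty(signingSecret))
            {
                throw new InvalidOperationException("AppSettings:Token is not configured");
            }

            var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(signingSecret));

            var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha512Signature);

            var tokenDescriptor = new SecurityTokenDescriptor
            {
                Subject            = new ClaimsIdentity(claims),
                // UTC avoids local-time ambiguity around daylight-saving transitions.
                Expires            = DateTime.UtcNow.AddDays(1),
                SigningCredentials = creds
            };

            var tokenhandler = new JwtSecurityTokenHandler();

            var token = tokenhandler.CreateToken(tokenDescriptor);

            return(Ok(new {
                User = userforlogin.username,
                token = tokenhandler.WriteToken(token)
            }));
        }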