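/// <summary>
/// Checks the supplied credentials against the user store and, on success,
/// issues a signed JWT that is attached to the returned user.
/// </summary>
/// <typeparam name="T">
/// Expected to be <c>APIResponse&lt;User&gt;</c>. The result is produced with an
/// <c>as</c> cast, so any other type argument yields <c>null</c> for both
/// success and failure. The <c>new()</c> constraint is not used by the body.
/// </typeparam>
/// <param name="username">Login name supplied by the caller.</param>
/// <param name="password">Password supplied by the caller.</param>
/// <returns>
/// An <c>APIResponse&lt;User&gt;</c> cast to <typeparamref name="T"/>: on failure it
/// carries error code "1000"; on success it carries the user (via
/// <c>WithoutPassword()</c>) with <c>Token</c> populated.
/// </returns>
public T Authenticate<T>(string username, string password) where T : class, new()
{
    var methodName = System.Reflection.MethodBase.GetCurrentMethod().Name;

    // Reject missing credentials before touching the store. A null or empty
    // argument would otherwise be compared against the stored columns and could
    // match a row whose Username/Password are themselves null or empty.
    var credentialsMissing = string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password);

    // NOTE(security): the password argument is compared directly with the stored
    // column. Unless callers already pass a derived hash, this implies passwords
    // are kept in recoverable form. Store a salted, slow hash (PBKDF2/Argon2) and
    // verify it with a constant-time comparison instead of matching in the query.
    var user = credentialsMissing
        ? null
        : _context.Users.SingleOrDefault(x => x.Username == username && x.Password == password);

    APIResponse<User> data = null;

    // One generic error covers "unknown user" and "wrong password", so the
    // response does not reveal which usernames exist.
    if (user == null)
    {
        data = APIResponse<User>.ReturnValidResponse(
            null,
            methodName,
            "V1",
            new ErrorEntity { code = "1000", message = "Invalid Login information" },
            false,
            "");
        return data as T;
    }

    // Authentication succeeded: build and sign the JWT.
    var tokenHandler = new JwtSecurityTokenHandler();

    // NOTE(security): ASCII encoding maps every non-ASCII character of the secret
    // to '?', which reduces key entropy. The encoding is left unchanged because
    // the validating side presumably derives the key the same way (confirm).
    // The secret should be at least 256 bits of random data for HS256.
    var key = Encoding.ASCII.GetBytes(_appSettings.Secret);

    var tokenDescriptor = new SecurityTokenDescriptor
    {
        // ClaimTypes.Name carries the user's Id, not the login name.
        Subject = new ClaimsIdentity(new Claim[]
        {
            new Claim(ClaimTypes.Name, user.Id.ToString()),
            new Claim(ClaimTypes.Role, user.Role)
        }),
        // NOTE(security): a 7-day bearer token stays usable after a password
        // change or role change unless revocation exists elsewhere (none is
        // visible here). Consider a shorter lifetime plus refresh tokens.
        Expires = DateTime.UtcNow.AddDays(7),
        SigningCredentials = new SigningCredentials(
            new SymmetricSecurityKey(key),
            SecurityAlgorithms.HmacSha256Signature)
    };

    var token = tokenHandler.CreateToken(tokenDescriptor);
    user.Token = tokenHandler.WriteToken(token);

    data = APIResponse<User>.ReturnValidResponse(
        user.WithoutPassword(),
        methodName,
        "V1",
        null,
        true,
        "");
    return data as T;
}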