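/// <summary>
/// Authenticates a user by e-mail and password and, on success, issues the
/// cookie-authentication ticket for the current HTTP context.
/// </summary>
/// <param name="loginRequest">
/// Credentials read from the request body: e-mail, password and the
/// "remember me" flag. Treated as untrusted input.
/// </param>
/// <returns>
/// <c>Ok()</c> after a successful sign-in; <c>Unauthorized()</c> when the request
/// is missing credentials, the e-mail is unknown, or the password does not match.
/// </returns>
/// <remarks>
/// Every failure path returns the same <c>Unauthorized()</c> result so the response
/// itself does not reveal whether an account exists for the supplied e-mail.
/// </remarks>
public async Task<IActionResult> Login([FromBody] LoginRequest loginRequest)
{
    // A missing body or missing fields would otherwise surface as a
    // NullReferenceException (HTTP 500) or reach the repository / password helper
    // with null. Fail closed with the same response as any other bad credential.
    if (loginRequest is null
        || string.IsNullOrWhiteSpace(loginRequest.Email)
        || string.IsNullOrEmpty(loginRequest.Password))
    {
        return Unauthorized();
    }

    var user = await _userRepository.GetUserByEmailAsync(loginRequest.Email);
    if (user == null)
    {
        // NOTE(review): this path returns before any password hashing is done, so an
        // unknown e-mail presumably answers faster than a wrong password. Confirm whether
        // that timing difference matters here; verifying against a fixed dummy hash
        // would equalise the two paths.
        return Unauthorized();
    }

    if (!_passwordHelper.IsPasswordValid(loginRequest.Password, user.Hash, user.Salt))
    {
        // NOTE(review): no failed-attempt counter, lockout or rate limit is visible in
        // this action - confirm that throttling is enforced elsewhere (middleware, gateway).
        return Unauthorized();
    }

    var claims = new List<Claim>
    {
        new(ClaimTypes.Name, user.DisplayName),
        new(ClaimTypes.NameIdentifier, $"{user.UserId}")
    };

    var claimsIdentity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
    var claimsPrincipal = new ClaimsPrincipal(claimsIdentity);

    // Read the clock once so IssuedUtc and ExpiresUtc are exactly 60 minutes apart
    // instead of being derived from two separate UtcNow reads.
    var issuedAt = DateTimeOffset.UtcNow;
    var authenticationProperties = new AuthenticationProperties
    {
        AllowRefresh = true,
        // Client-controlled: the caller decides whether the cookie is persistent.
        // The ticket itself still carries the 60-minute expiry set below.
        IsPersistent = loginRequest.RememberMe,
        IssuedUtc = issuedAt,
        ExpiresUtc = issuedAt.AddMinutes(60)
    };

    await HttpContext.SignInAsync(
        CookieAuthenticationDefaults.AuthenticationScheme,
        claimsPrincipal,
        authenticationProperties);

    return Ok();
}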