public Task <string> AuthenticateUser(string username, string password) { return(Task.Run(() => { User user = _userQueryProcessor.GetAllUsers().FirstOrDefault(u => u.Username == username && u.Password == password); // return null if user not found. if (user == null) { return null; } // authentication successful so generate and return jwt token. var tokenDescriptor = new SecurityTokenDescriptor { Subject = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, user.Id.ToString()) }), Expires = DateTime.UtcNow.AddMinutes(10), SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(_jwtKeyByte), SecurityAlgorithms.HmacSha256Signature) }; var tokenHandler = new JwtSecurityTokenHandler(); return tokenHandler.WriteToken(tokenHandler.CreateToken(tokenDescriptor)); })); }