public IActionResult LoginEmployee(LoginRequestcs request)
{
if (_service.CheckCred(request) <= 0)
{
return(Unauthorized());
}
var claims = new[]
{
new Claim(ClaimTypes.Name, request.login),
new Claim(ClaimTypes.Role, "employee")
};
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["SecretKey"]));
var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
var token = new JwtSecurityToken
(
issuer: "s18663",
audience: "Students",
claims: claims,
expires: DateTime.Now.AddMinutes(10),
signingCredentials: creds
);
return(Ok(new
{
token = new JwtSecurityTokenHandler().WriteToken(token),
refreshToken = Guid.NewGuid()
}));
}
public int CheckCred(LoginRequestcs request)
{
using (var con = new SqlConnection("Data Source=db-mssql;Initial Catalog=s18663;Integrated Security=True"))
using (var com = new SqlCommand())
{
con.Open();
com.Connection = con;
com.CommandText = "select Salt from Student where IndexNumber=@index";
com.Parameters.AddWithValue("index", request.login);
var dr = com.ExecuteReader();
dr.Read();
var salt = dr["Salt"].ToString();
dr.Close();
var valueBytes = KeyDerivation.Pbkdf2(
password: request.pass,
salt: Encoding.UTF8.GetBytes(salt),
prf: KeyDerivationPrf.HMACSHA512,
iterationCount: 10000,
numBytesRequested: 256 / 8);
string hash = Convert.ToBase64String(valueBytes);
com.Connection = con;
com.CommandText = "Select count(1) from Student where IndexNumber=@index and Pass=@pass";
com.Parameters.AddWithValue("index", request.login);
com.Parameters.AddWithValue("pass", hash);
dr = com.ExecuteReader();
int count = 0;
if (dr.Read())
{
count = (int)dr.GetValue(0);
}
dr.Close();
return(count);
}
}
