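/// <summary>
/// Verifies the posted credentials and, on success, issues an HS256-signed JWT access token.
/// </summary>
/// <param name="model">Credentials read from the request body (user name and password).</param>
/// <returns>
/// A JSON object with <c>access_token</c> and <c>expires_in</c> (seconds) when the credentials are
/// accepted; otherwise a JSON empty string.
/// </returns>
public async Task<IActionResult> Authorize([FromBody] AuthenticationDto model)
{
    // A missing body or missing field is answered like any other failed login instead of
    // surfacing as a null dereference / ArgumentNullException further down.
    if (model == null || model.UserName == null || model.Password == null)
    {
        return new JsonResult(string.Empty);
    }

    var found = await _administrationManager.Get(model.UserName);

    // NOTE(review): only PasswordVerificationResult.Success is accepted. If _passwordStorage is the
    // ASP.NET Core Identity hasher, SuccessRehashNeeded is treated as a failed login; confirm intended.
    // NOTE(review): no hash is verified when the account is unknown or deactivated, so response time
    // may differ from a wrong-password attempt; confirm whether that matters for this endpoint.
    var credentialsAccepted = found != null
        && found.DeactivatedDate == null
        && _passwordStorage.VerifyHashedPassword(new User(), found.PasswordHash, model.Password) == PasswordVerificationResult.Success;

    if (!credentialsAccepted)
    {
        // NOTE(review): failure is reported as an empty JSON string rather than a 401, and this
        // method neither logs nor throttles failed attempts; confirm that is handled elsewhere.
        return new JsonResult(string.Empty);
    }

    var now = DateTime.UtcNow;

    // Token will live 48 hours. The same value feeds both "expires" and "expires_in".
    // NOTE(review): DeactivatedDate is checked only here, at issuance; an issued token stays valid
    // for the full lifetime unless the validating side re-checks the account.
    var tokenLifetime = TimeSpan.FromHours(48);

    // "iat" is a NumericDate (seconds since the Unix epoch). The value is declared Integer64, so it
    // must be emitted as an integer, not as a formatted date string.
    var issuedAt = new DateTimeOffset(now).ToUnixTimeSeconds().ToString(CultureInfo.InvariantCulture);

    var claims = new List<Claim>
    {
        // The subject of the token.
        new Claim(JwtRegisteredClaimNames.Sub, found.UserName),
        // The email.
        new Claim(JwtRegisteredClaimNames.Email, found.Email),
        // Unique identifier for the JWT. It only prevents replay if the validating side records
        // and rejects identifiers it has already seen.
        new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
        // The time the JWT was issued. Can be used to determine the age of the JWT.
        new Claim(JwtRegisteredClaimNames.Iat, issuedAt, ClaimValueTypes.Integer64)
    };

    // Include user claims
    claims.AddRange(found.Claims.Select(foundClaim => new Claim(foundClaim.ClaimType, foundClaim.ClaimValue)));

    // Include user Id
    claims.Add(new Claim(ClaimTypes.PrimarySid, found.Id.ToString()));

    // Include email
    claims.Add(new Claim(ClaimTypes.Email, found.Email));

    // Include the name in the claims: profile name when a profile exists, else the user name.
    var displayName = found.Profile != null
        ? $"{found.Profile.FirstName} {found.Profile.LastName}"
        : $"{found.UserName}";
    claims.Add(new Claim(ClaimTypes.Name, displayName));

    // NOTE(review): Encoding.ASCII maps every non-ASCII character of the secret to '?', so such
    // characters add no key entropy, and HS256 expects a key of at least 256 bits. The encoding is
    // left unchanged because the validating side must derive the same key bytes.
    var signingKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(_settings.Value.Secret));

    var jwt = new JwtSecurityToken(
        issuer: _settings.Value.Issuer,
        audience: _settings.Value.Audience,
        claims: claims,
        notBefore: now,
        expires: now.Add(tokenLifetime),
        signingCredentials: new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256)
    );

    var encodedJwt = new JwtSecurityTokenHandler().WriteToken(jwt);

    var responseJson = new
    {
        access_token = encodedJwt,
        expires_in = (int)tokenLifetime.TotalSeconds
    };

    return new JsonResult(responseJson);
}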