예제 #1
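        /// <summary>
        /// Authenticates the posted credentials through <c>_userEngine.AuthenticateUser</c> and,
        /// on success, returns a signed JWT together with the user's details.
        /// </summary>
        /// <param name="user">Login payload bound from the request body.</param>
        /// <returns>
        /// 400 when the body or either credential is missing, 401 when authentication
        /// returns no user, otherwise 200 with <c>Token</c> and <c>UserDetails</c>.
        /// </returns>
        public IActionResult Login([FromBody] LoginModel user)
        {
            // Reject a missing body or missing credentials up front instead of passing
            // null values on to the data layer.
            if (user == null || user.UserName == null || user.Password == null)
            {
                return BadRequest("Invalid Request");
            }

            PmoUser userDto = _userEngine.AuthenticateUser(user.UserName, user.Password);
            if (userDto == null)
            {
                return Unauthorized();
            }

            // NOTE(review): the signing key is a literal in source, so anyone who can read the
            // repository or the compiled assembly can mint tokens this API will accept. Load it
            // from configuration or a secret store and rotate this value; the token-validation
            // setup has to switch to the same source in the same change. The literal is also
            // 23 bytes (184 bits), shorter than the 256 bits RFC 7518 asks for with HS256.
            var secretKey         = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("KeyForSignInSecret@1234"));
            var signinCredentials = new SigningCredentials(secretKey, SecurityAlgorithms.HmacSha256);

            // NOTE(review): issuer and audience are localhost development values; they should
            // come from per-environment configuration.
            // NOTE(review): the claims list is empty, so the token does not identify the
            // authenticated user. Confirm how protected endpoints identify the caller; a
            // subject claim is normally required for any server-side authorization.
            var tokenOptions = new JwtSecurityToken(
                issuer: "http://localhost:49614",
                audience: "http://localhost:49614",
                claims: new List<Claim>(),
                // Token lifetimes are expressed in UTC; avoid local-time values here.
                expires: DateTime.UtcNow.AddMinutes(30),
                signingCredentials: signinCredentials
                );

            var tokenString = new JwtSecurityTokenHandler().WriteToken(tokenOptions);

            // UserDetails (including IsAdmin) is informational for the client only; it is not
            // covered by the token signature.
            return Ok(new { Token = tokenString, UserDetails = userDto });
        }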
예제 #2
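        /// <summary>
        /// Calls the <c>AuthenticateUser</c> stored procedure with the supplied credentials and
        /// maps the returned row to a <see cref="PmoUser"/>.
        /// </summary>
        /// <param name="empId">Value passed as the <c>@UserName</c> parameter.</param>
        /// <param name="passkey">Value passed as the <c>@Passkey</c> parameter.</param>
        /// <returns>The matching user, or <c>null</c> when the procedure returns no rows.</returns>
        /// <remarks>
        /// Exceptions from opening the connection or executing the command propagate to the caller.
        /// NOTE(review): the passkey is forwarded to the procedure as received; how it is compared
        /// (hashed or plaintext) is decided inside the stored procedure, which is not visible
        /// here. Confirm that stored credentials are salted hashes.
        /// </remarks>
        public PmoUser AuthenticateUser(string empId, string passkey)
        {
            string  sql  = "AuthenticateUser";
            PmoUser user = null;

            // The command and reader are disposed with the connection so that nothing is left
            // open when an exception is thrown part-way through.
            using (var connection = new SqlConnection(this.connectionString))
            using (var sqlCommand = new SqlCommand(sql, connection))
            {
                // Credentials are bound as parameters, never concatenated into SQL text.
                sqlCommand.CommandType = CommandType.StoredProcedure;
                sqlCommand.Parameters.Add(new SqlParameter("@UserName", empId));
                sqlCommand.Parameters.Add(new SqlParameter("@Passkey", passkey));

                connection.Open();
                using (var reader = sqlCommand.ExecuteReader())
                {
                    // If the procedure returns several rows, the last one wins.
                    while (reader.Read())
                    {
                        user = new PmoUser
                        {
                            EmpName     = reader["EmpName"].ToString(),
                            EmpNo       = reader["Emp_No"].ToString(),
                            Designation = reader["Designation"].ToString(),
                            Department  = reader["Department"].ToString(),
                            Location    = reader["Location"].ToString(),
                            // NOTE(review): this check fails open. Every value other than "N",
                            // including a NULL column (DBNull.ToString() is an empty string),
                            // yields IsAdmin = true. Confirm the column's value set and match
                            // the explicit admin marker instead.
                            IsAdmin     = reader["AdminID"].ToString() != "N"
                        };
                    }
                }
            }

            return user;
        }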