/// <summary>
/// Checks the posted e-mail/password pair with the user service and, when it is accepted,
/// issues a signed JWT that carries the user's id as the <see cref="ClaimTypes.Name"/> claim.
/// </summary>
/// <param name="userAuthenticationResource">Credentials posted in the request body.</param>
/// <returns>
/// 200 with a <see cref="UserWithTokenResource"/> (basic profile fields plus the token, never the
/// password) when the credentials are accepted; 400 carrying the service's error payload otherwise.
/// </returns>
public async Task<IActionResult> Authenticate([FromBody] UserAuthenticationResource userAuthenticationResource)
{
    var authResult = await _userService.Authenticate(userAuthenticationResource.Email, userAuthenticationResource.Password);
    if (!authResult.Success)
    {
        return BadRequest(authResult.Error);
    }

    var authenticatedUser = authResult.Result;

    // HS256 key bytes. NOTE(review): Encoding.ASCII replaces every non-ASCII character of the
    // secret with '?', so the effective key can be weaker than the configured secret suggests.
    // The token validator has to derive the key the same way, so the encoding is left as is here.
    var signingKeyBytes = Encoding.ASCII.GetBytes(_appSettings.Secret);
    var signingCredentials = new SigningCredentials(new SymmetricSecurityKey(signingKeyBytes), SecurityAlgorithms.HmacSha256Signature);

    var descriptor = new SecurityTokenDescriptor
    {
        Subject = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, authenticatedUser.Id.ToString()) }),
        // Validity window of one week from issue time.
        Expires = DateTime.UtcNow.AddDays(7),
        SigningCredentials = signingCredentials,
    };

    var handler = new JwtSecurityTokenHandler();
    var tokenString = handler.WriteToken(handler.CreateToken(descriptor));

    // Hand back the public profile fields plus the token; the password is not part of the payload.
    var payload = new UserWithTokenResource
    {
        Id = authenticatedUser.Id,
        Email = authenticatedUser.Email,
        FirstName = authenticatedUser.FirstName,
        LastName = authenticatedUser.LastName,
        Token = tokenString,
    };
    return Ok(payload);
}
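/// <summary>
/// Authenticates a user by e-mail and password and, on success, returns a signed JWT wrapped in a
/// <see cref="TagisToken"/>.
/// </summary>
/// <param name="user">Credentials posted in the request body.</param>
/// <returns>
/// 200 with the token when the e-mail is known, the stored password digest matches and the account is
/// active; 401 for every other credential failure (unknown e-mail, wrong password, inactive account),
/// so the response does not reveal which e-mails exist; 400 when the body is missing.
/// </returns>
/// <remarks>
/// The stored credential is an unsalted MD5 digest of the password (produced by <c>GetMd5Hash</c>).
/// MD5 is fast and unsalted, so a leaked user table is cheap to reverse; moving the stored format to a
/// real password hash (PBKDF2 / Argon2) is a data change outside this method and is flagged here rather
/// than silently replaced, because this method has to keep matching what the table currently holds.
/// </remarks>
public APIGatewayProxyResponse Authenticate([FromBody] UserAuthenticationResource user)
{
    if (user is null)
    {
        return new APIGatewayProxyResponse { StatusCode = 400 };
    }

    User loadedUser = _context.Users.SingleOrDefault(u => u.Email == user.Email);

    // MD5 is IDisposable; the original never disposed it. The former
    // VerifyMd5Hash(md5Hash, user.Password, hash) call re-checked the digest just computed from the
    // same input against itself and, going by its name and arguments, could not fail; it is dropped.
    string hash;
    using (MD5 md5Hash = MD5.Create())
    {
        hash = GetMd5Hash(md5Hash, user.Password);
    }

    // Fix: the original only rejected when loadedUser was non-null and mismatched, then dereferenced
    // loadedUser unconditionally, so an unknown e-mail crashed with a NullReferenceException instead
    // of returning 401. Unknown e-mail and wrong password now share one code path and one status.
    if (loadedUser is null || hash != loadedUser.Password || loadedUser.Active == 0)
    {
        return new APIGatewayProxyResponse { StatusCode = 401 };
    }

    var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_tokenManager.Secret));
    var credentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);

    var userClaims = new Claim[]
    {
        new Claim("FirstName", loadedUser.FirstName),
        new Claim("LastName", loadedUser.LastName),
        new Claim("Email", loadedUser.Email),
        new Claim("Role", loadedUser.Role.ToString()),
        new Claim("LastLogin", loadedUser.lastLogin.ToString()),
        new Claim("UserId", loadedUser._uid.ToString()),
        new Claim("IsActive", loadedUser.Active.ToString()),
    };

    // The JWT "exp" claim is a UTC epoch value, so derive it from UtcNow rather than the
    // server's local clock.
    var jwtToken = new JwtSecurityToken(
        _tokenManager.Issuer,
        _tokenManager.Audience,
        userClaims,
        expires: DateTime.UtcNow.AddMinutes(_tokenManager.AccessExpiration),
        signingCredentials: credentials);

    // Local renamed from "TagisToken" so it no longer shadows the type name.
    var issuedToken = new TagisToken
    {
        Authenticated = new JwtSecurityTokenHandler().WriteToken(jwtToken),
    };

    return new TypedAPIGatewayProxyResponse<TagisToken>(200, issuedToken);
}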
/// <summary>
/// Synchronous login: delegates the username/password check to the user service.
/// </summary>
/// <param name="userParam">Credentials posted in the request body.</param>
/// <returns>
/// 200 with whatever the service returns for the user on success; 400 with a generic message when
/// the service yields <c>null</c>. The message does not say which of the two values was wrong.
/// </returns>
public IActionResult Authenticate([FromBody] UserAuthenticationResource userParam)
{
    var authenticated = _userService.Authenticate(userParam.Username, userParam.Password);
    if (authenticated != null)
    {
        return Ok(authenticated);
    }

    return BadRequest(new { message = "Username or password is incorrect" });
}