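/// <summary>
/// OWIN resource-owner-password grant: authenticates the client-supplied user name/password
/// through <see cref="IServiceUsuario"/> and, on success, validates the context with a
/// <see cref="ClaimsIdentity"/> carrying the user's name and profile (role).
/// </summary>
/// <param name="context">Grant context carrying the client-supplied <c>UserName</c>/<c>Password</c>.</param>
/// <returns>A completed task; the outcome is reported through <paramref name="context"/> (Validated or SetError).</returns>
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
    try
    {
        IServiceUsuario serviceUsuario = _container.Resolve<IServiceUsuario>();

        var request = new UsuarioLoginRequest
        {
            Email = context.UserName,
            Senha = context.Password,
        };

        UsuarioLoginResponse response = serviceUsuario.Autenticar(request);

        // One generic message for every authentication failure so the (unauthenticated)
        // token endpoint does not reveal which accounts exist.
        if (serviceUsuario.IsInvalid() || response == null)
        {
            context.SetError("invalid_grant", "Usuário não encontrado.");
            serviceUsuario.ClearNotifications();
            return;
        }

        var identity = new ClaimsIdentity(context.Options.AuthenticationType);
        identity.AddClaim(new Claim(ClaimTypes.Name, response.Nome));
        identity.AddClaim(new Claim(ClaimTypes.Role, response.Perfil));

        // Kept from the original: the principal is also published on the current thread.
        // NOTE(review): whether anything downstream reads Thread.CurrentPrincipal is not
        // visible here — confirm before relying on it (or before removing it).
        Thread.CurrentPrincipal = new GenericPrincipal(identity, new[] { response.Perfil });

        context.Validated(identity);
    }
    catch (Exception)
    {
        // Never echo ex.Message to the caller: this endpoint is reachable without
        // authentication and exception text can expose internal details.
        context.SetError("invalid_grant", "Não foi possível autenticar o usuário.");
    }
}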
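// [AllowAnonymous]
/// <summary>
/// Validates a login/password pair and, on success, returns a short-lived (10 minute)
/// HMAC-SHA256 JWT carrying the user's type code and login as claims.
/// </summary>
/// <param name="request">Login request bound from the body: <c>login</c> and <c>clave</c>.</param>
/// <returns>
/// 200 with a <see cref="UsuarioLoginResponse"/> (id, image path, token) on success;
/// 400 with a single generic message on any failure.
/// </returns>
public IActionResult Validate([FromBody] UsuarioLoginRequest request)
{
    // Same text for "unknown user" and "wrong password" so callers cannot enumerate logins
    // (the original code already flagged the two distinct messages as bad practice).
    const string invalidCredentials = "Usuario o clave incorrectos";

    // Missing or incomplete body: reject before touching the user store.
    if (request is null || string.IsNullOrEmpty(request.login) || string.IsNullOrEmpty(request.clave))
    {
        return BadRequest(invalidCredentials);
    }

    Usuario user = _usuarioServices.RecuperarPorLogin(request.login);
    if (user == null)
    {
        return BadRequest(invalidCredentials);
    }

    // NOTE(review): the stored credential is reversibly encrypted (EncriptaHelper.Decrypt)
    // and compared as plain text; a one-way hash (e.g. PBKDF2) with a verify step is the
    // expected design, but the storage format is defined outside this method.
    // The comparison itself is done in constant time so it does not leak prefix matches.
    byte[] stored = Encoding.UTF8.GetBytes(EncriptaHelper.Decrypt(user.clave) ?? string.Empty);
    byte[] supplied = Encoding.UTF8.GetBytes(request.clave);
    if (!System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(stored, supplied))
    {
        return BadRequest(invalidCredentials);
    }

    #region Token
    Claim[] claims =
    {
        new Claim("codigo", user.idtipousuario.ToString()),
        new Claim("login", user.login),
    };

    // TODO(security): the signing key is a literal in source and issuer/audience are
    // placeholders; load the key from configuration / a secret store and set real values.
    var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("PalabraSecreta123"));
    var credentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);

    var token = new JwtSecurityToken(
        issuer: "yourdomain.com",
        audience: "yourdomain.com",
        claims: claims,
        expires: DateTime.UtcNow.AddMinutes(10), // UTC: "exp" is an epoch timestamp, local time would skew it
        signingCredentials: credentials);

    string texto = new JwtSecurityTokenHandler().WriteToken(token);
    #endregion

    var response = new UsuarioLoginResponse
    {
        idusuario = user.idusuario,
        rutaimagen = user.rutaimagen,
        token = texto,
    };
    return Ok(response);
}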