public Authentication Authenticate(string username, string password)
{
var user = repository.SelectAll().SingleOrDefault(x => x.Username == username);
var passwordHash = AuthExtensionMethods.HashPassword(password, user.Salt);
var validator = AuthExtensionMethods.VerifyHashedPassword(passwordHash[1], user.Password);
// return null if user not found
if (user == null || !validator)
{
return(null);
}
// authentication successful so generate jwt token
var tokenHandler = new JwtSecurityTokenHandler();
var key = Encoding.ASCII.GetBytes(_authSettings.Secret);
var tokenDescriptor = new SecurityTokenDescriptor
{
Subject = new ClaimsIdentity(new Claim[]
{
new Claim(ClaimTypes.Name, user.Id.ToString())
}),
Expires = DateTime.UtcNow.AddMinutes(15),
SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature)
};
var token = tokenHandler.CreateToken(tokenDescriptor);
user.Token = tokenHandler.WriteToken(token);
repository.Update(user);
return(user.WithoutPassword());
}
private static void SeedAuth(ApplicationContext ctx)
{
var hashedPassword = AuthExtensionMethods.HashPassword("test");
var authObj = new Authentication
{
FirstName = "Test",
LastName = "User",
Username = "******",
Password = hashedPassword[1],
Salt = hashedPassword[0],
Token = null,
Active = true
};
ctx.Add(authObj);
ctx.SaveChanges();
}
