public ActionResult <User> GetUserByEmailAndPassword(string email, string password)
{
try
{
User user = context.User.Single(u => u.Email == email && u.Password == EncryptPassword.ConvertToEncrypt(password));
user.Password = EncryptPassword.ConvertToDecrypt(user.Password);
var secretKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("superSecretKey@345"));
var signingCredentials = new SigningCredentials(secretKey, SecurityAlgorithms.HmacSha256);
var tokenOptions = new JwtSecurityToken(
issuer: "http://localhost:16615",
audience: "http://localhost:16615",
claims: new List <Claim>(),
expires: DateTime.Now.AddMinutes(5),
signingCredentials: signingCredentials
);
var tokenString = new JwtSecurityTokenHandler().WriteToken(tokenOptions);
HttpContext.Response.Headers.Add("Access-Control-Allow-Origin", "*");
HttpContext.Response.Headers.Add("Access-Control-Allow-Credentials", "true");
HttpContext.Response.Cookies.Append("access_token", tokenString, new CookieOptions()
{
HttpOnly = true
});
return(Ok(new { User = user }));
}
catch (ArgumentException)
{
return(BadRequest("Wrong credentials!"));
}
catch (InvalidOperationException)
{
return(Unauthorized());
}
}
