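/// <summary>
/// Authenticates a hospital account by e-mail and password and, on success, issues the
/// forms-authentication cookie and redirects the browser.
/// </summary>
/// <param name="login">Posted credentials plus the "remember me" flag.</param>
/// <param name="ReturnUrl">Optional post-login target; honoured only when it is a local URL.</param>
/// <returns>
/// A redirect on success; otherwise the login view with <c>ViewBag.Message</c> describing the failure.
/// </returns>
public ActionResult Login(HospitalLogin login, string ReturnUrl)
{
    // Unknown account and wrong password share one message so the response does not
    // reveal which e-mail addresses are registered.
    string message = "Invalid Credentials";

    // Reject missing input up front instead of passing null into the hash helper.
    if (login != null && !string.IsNullOrEmpty(login.EmailId) && !string.IsNullOrEmpty(login.Password))
    {
        using (DonorEntities dc = new DonorEntities())
        {
            var account = dc.Hospitals.FirstOrDefault(a => a.EmailID == login.EmailId);

            // Hashes are machine data: compare ordinally, not with the current culture.
            // NOTE(review): Crypto.Hash is defined elsewhere; if it is a fast, unsalted digest,
            // stored passwords should move to a salted, slow scheme (e.g. PBKDF2) - confirm.
            bool passwordMatches = account != null
                && string.Equals(Crypto.Hash(login.Password), account.Password, StringComparison.Ordinal);

            if (passwordMatches)
            {
                // Verification status is reported only after the password has been proven,
                // so it is not disclosed to callers who merely know the e-mail address.
                if (account.IsEmailVerified == true)
                {
                    // 525600 minutes = 365 days for "remember me", 20 minutes otherwise.
                    int timeout = login.RememberMe ? 525600 : 20;
                    var ticket = new FormsAuthenticationTicket(login.EmailId, login.RememberMe, timeout);
                    string encrypted = FormsAuthentication.Encrypt(ticket);

                    var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encrypted)
                    {
                        HttpOnly = true,
                        // Keep the auth cookie off plain HTTP whenever the site is served over TLS.
                        Secure = FormsAuthentication.RequireSSL || Request.IsSecureConnection
                    };

                    // A non-persistent ticket gets a session cookie; only "remember me" is written to disk.
                    if (login.RememberMe)
                    {
                        cookie.Expires = DateTime.Now.AddMinutes(timeout);
                    }

                    Response.Cookies.Add(cookie);

                    // Follow ReturnUrl only when it is local; anything else goes to the default page.
                    if (Url.IsLocalUrl(ReturnUrl))
                    {
                        return Redirect(ReturnUrl);
                    }

                    return RedirectToAction("HospitalIndex", "Home");
                }

                message = "Account Not Verified";
            }
        }
    }

    ViewBag.Message = message;
    return View();
}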
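/// <summary>
/// Verifies a hospital user's e-mail and password and, on success, returns a signed JWT
/// together with the id of the matching hospital record.
/// </summary>
/// <param name="model">Credentials read from the request body.</param>
/// <returns>
/// 200 with <c>Token</c> and <c>Id</c> on success; 400 with a generic message on any failure.
/// </returns>
public async Task<IActionResult> Login([FromBody] HospitalLogin model)
{
    // A missing body or empty field is answered like any other failed login rather than with a 500.
    if (model != null && !string.IsNullOrEmpty(model.Email) && !string.IsNullOrEmpty(model.Password))
    {
        var user = _userManager.Users.FirstOrDefault(e => e.Email == model.Email);

        if (user != null && await _userManager.CheckPasswordAsync(user, model.Password))
        {
            // Looked up only after the password check, so failed logins cost one query less.
            var hospital = this._context.Hospitals.FirstOrDefault(e => e.Email == model.Email);

            // An identity user without a hospital row previously hit a null dereference on hospital.Id.
            if (hospital != null)
            {
                var roles = await _userManager.GetRolesAsync(user);
                string roleClaimType = new IdentityOptions().ClaimsIdentity.RoleClaimType;

                // Claim rejects a null value, so the role claim is added only when a role exists.
                var claims = new List<Claim>();
                string primaryRole = roles.FirstOrDefault();
                if (primaryRole != null)
                {
                    claims.Add(new Claim(roleClaimType, primaryRole));
                }

                // NOTE(review): the signing key is a literal in source control, so everyone with
                // repository or binary access holds the key that validates every token. Load it
                // from configuration or a secret store (at least 256 bits of random data for
                // HS256) and rotate it; the token-validation setup must switch to the same source
                // in the same change - that setup is not visible here.
                var secretKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("superSecretKey@345"));
                var signinCredentials = new SigningCredentials(secretKey, SecurityAlgorithms.HmacSha256);

                // NOTE(review): issuer and audience are fixed to a localhost URL; they should come
                // from per-environment configuration. The token also carries no subject claim, so
                // it is not bound to this user - confirm that downstream endpoints do not rely on
                // the Id returned below for authorization.
                var tokeOptions = new JwtSecurityToken(
                    issuer: "https://localhost:44309/",
                    audience: "https://localhost:44309/",
                    claims: claims,
                    expires: DateTime.UtcNow.AddDays(1),
                    signingCredentials: signinCredentials);

                var tokenString = new JwtSecurityTokenHandler().WriteToken(tokeOptions);
                return Ok(new { Token = tokenString, Id = hospital.Id });
            }
        }
    }

    // One generic answer for every failure; the old text named "patientSSN", a field this login does not use.
    return BadRequest(new { message = "Email or password is incorrect." });
}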