Пример #1
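        /// <summary>
        /// Validates the submitted credentials and, on success, issues a short-lived
        /// HMAC-SHA256 signed JWT together with a refresh-token value.
        /// </summary>
        /// <param name="login">Login request carrying the student's index number and password.</param>
        /// <returns>
        /// 400 Bad Request when the request is incomplete or the credentials do not match;
        /// otherwise 200 OK with <c>token</c> and <c>refreshToken</c>.
        /// </returns>
        /// <exception cref="InvalidOperationException">The signing secret is missing from configuration.</exception>
        public IActionResult Login(LoginReguestDTO login)
        {
            // Reject incomplete requests before they reach the database layer.
            if (login == null || string.IsNullOrEmpty(login.Login) || login.Password == null)
            {
                return new BadRequestResult();
            }

            // The reader holds an open database resource; dispose it as soon as
            // the single "does a matching row exist" check has been made.
            bool credentialsMatch;
            using (var reader = _service.CheckValidation(login))
            {
                credentialsMatch = reader.Read();
            }

            if (!credentialsMatch)
            {
                return new BadRequestResult();
            }

            // NOTE(review): every authenticated caller receives the Name claim "Admin".
            // If anything downstream authorizes on this claim, all students are
            // effectively administrators - confirm this is intended.
            var claims = new[]
            {
                new Claim(ClaimTypes.NameIdentifier, login.Login),
                new Claim(ClaimTypes.Name, "Admin")
            };

            // Fail with a clear message instead of an ArgumentNullException from GetBytes.
            // The secret should be long and random (at least 256 bits for HS256) and
            // kept in a secret store rather than in a committed settings file.
            var secret = Configuration["SecretKey"];
            if (string.IsNullOrEmpty(secret))
            {
                throw new InvalidOperationException("SecretKey is not configured.");
            }

            var key   = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secret));
            var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);

            var token = new JwtSecurityToken(
                issuer: "Domds",
                audience: "Students",
                claims: claims,
                // Token lifetimes are expressed in UTC; avoid local-time ambiguity.
                expires: DateTime.UtcNow.AddMinutes(10),
                signingCredentials: creds
                );

            // NOTE(review): the refresh token is neither stored nor bound to the user
            // in this method, so it cannot be validated later as written. A GUID is
            // also an identifier, not a secret; a refresh token should come from a
            // cryptographic random generator and be persisted server-side (hashed).
            return new OkObjectResult(new
            {
                token = new JwtSecurityTokenHandler().WriteToken(token),
                refreshToken = Guid.NewGuid()
            });
        }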
Пример #2
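        /// <summary>
        /// Runs a parameterized lookup for a student whose index number and password
        /// match the supplied credentials and returns the open reader.
        /// </summary>
        /// <param name="login">Credentials to check; <c>Login</c> is the index number.</param>
        /// <returns>
        /// An open <see cref="SqlDataReader"/> that yields one row when the credentials match.
        /// The caller owns the reader and must dispose it; disposing it also closes the
        /// underlying connection.
        /// </returns>
        public SqlDataReader CheckValidation(LoginReguestDTO login)
        {
            // The connection must outlive this method: the original wrapped it in a
            // using block, so it was disposed before the caller could call Read() and
            // the returned reader was already closed. Ownership is handed to the
            // reader via CommandBehavior.CloseConnection instead.
            var connection = new SqlConnection();
            try
            {
                connection.ConnectionString = databaseURL;

                using (var command = new SqlCommand())
                {
                    command.Connection = connection;

                    // NOTE(review): comparing the submitted password to Student.Password in SQL
                    // suggests passwords are stored unhashed (unless they are hashed before this
                    // call, which is not visible here). Prefer fetching a salted PBKDF2/Argon2
                    // hash by index number and verifying it in code with a fixed-time comparison.
                    command.CommandText = "SELECT 1 FROM Student WHERE Student.IndexNumber = @index AND Student.Password = @password";

                    // Values are bound as parameters, never concatenated into the SQL text.
                    // A null value is sent as DBNull so the query returns no rows instead of
                    // failing with a "parameter was not supplied" error.
                    command.Parameters.AddWithValue("@index", (object)login.Login ?? System.DBNull.Value);
                    command.Parameters.AddWithValue("@password", (object)login.Password ?? System.DBNull.Value);

                    connection.Open();
                    return command.ExecuteReader(System.Data.CommandBehavior.CloseConnection);
                }
            }
            catch
            {
                // Nothing was handed to the caller, so release the connection here.
                connection.Dispose();
                throw;
            }
        }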