Пример #1
        /// <summary>
        /// Round-trip check for <c>PasswordUtility</c>: a hash produced from a password must
        /// verify against that same password and must not verify against a different one.
        /// </summary>
        public void VerifyHashTest()
        {
            const string password = "******";
            var storedHash = PasswordUtility.HashPassword(password);

            // Positive case: the password the hash was derived from is accepted.
            Assert.IsTrue(PasswordUtility.VerfiyHash(storedHash, password));

            // Negative case: an unrelated password is rejected for the same hash.
            Assert.IsFalse(PasswordUtility.VerfiyHash(storedHash, "Fake123"));
        }
Пример #2
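        /// <summary>
        /// Checks the supplied credentials against the stored password hash and, on success,
        /// issues an HMAC-SHA256 signed JWT that expires 12 hours after it is issued.
        /// </summary>
        /// <param name="user">Login name; surrounding whitespace is ignored for the lookup.</param>
        /// <param name="password">Plain-text password; it is trimmed before verification.</param>
        /// <returns>
        /// An <c>AuthResponse</c> with <c>Authenticated = true</c>, the serialized token and its
        /// issue/expiration dates when the credentials match; otherwise a response with
        /// <c>Authenticated = false</c> and no token.
        /// </returns>
        public AuthResponse Authenticate(string user, string password)
        {
            // Missing credentials are a failed login, not a NullReferenceException from Trim().
            if (user == null || password == null)
            {
                return new AuthResponse
                {
                    Authenticated = false, Username = user
                };
            }

            var userName = user.Trim();
            var userData = new UsersRepo().GetUser(userName);

            // An unknown account (assuming GetUser returns null for it - confirm) gets the same
            // response as a wrong password, so the reply does not reveal which accounts exist.
            // NOTE(review): this path skips hash verification and may answer faster than a
            // wrong-password attempt; verify against a fixed dummy hash if enumeration matters.
            // NOTE(review): trimming alters the credential; kept because stored hashes were
            // presumably created from trimmed input - confirm against the HashPassword callers.
            if (userData == null || !PasswordUtility.VerfiyHash(userData.PasswordHash, password.Trim()))
            {
                return new AuthResponse
                {
                    Authenticated = false, Username = user
                };
            }

            var tokenHandler = new JwtSecurityTokenHandler();

            // Read the clock once so the reported lifetime is exactly 12 hours.
            // NOTE(review): local time is kept so the response dates do not change for callers.
            var tokenIssueDate  = DateTime.Now;
            var tokenExpiration = tokenIssueDate.AddHours(12);

            var claims = new List<Claim>
            {
                // Invariant lower-casing keeps the claim value independent of the server culture.
                new Claim("User", userName.ToLowerInvariant()),
                new Claim("UserId", userData.UserId),
                new Claim("Email", userData.Email)
            };

            //TODO: Get this out of a config or DB
            // NOTE(review): Encoding.ASCII replaces non-ASCII characters with '?', which weakens
            // the key; confirm the shared secret is ASCII-only and long enough for HMAC-SHA256.
            var signingKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(ConnectionUtility.GetSharedSecret()));

            var tokenDescriptor = new SecurityTokenDescriptor
            {
                Subject = new ClaimsIdentity(claims),
                Expires = tokenExpiration,
                SigningCredentials = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256Signature)
            };

            var token = tokenHandler.CreateToken(tokenDescriptor);

            return new AuthResponse
            {
                Authenticated = true,
                Username = user,
                AccessToken = tokenHandler.WriteToken(token),
                TokenIssueDate = tokenIssueDate,
                TokenExpirationDate = tokenExpiration
            };
        }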