Пример #1
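        /// <summary>
        /// Verifies the supplied e-mail/password pair through the user service and, on success,
        /// returns the user's basic profile together with a signed JWT.
        /// </summary>
        /// <param name="userAuthenticationResource">Credentials bound from the request body.</param>
        /// <returns>
        /// 400 when the body is missing or the service reports failure (with the service's error);
        /// otherwise 200 with a <c>UserWithTokenResource</c>.
        /// </returns>
        public async Task<IActionResult> Authenticate([FromBody] UserAuthenticationResource userAuthenticationResource)
        {
            // The body can bind to null (for example when automatic model validation is not
            // enabled on the controller). Reject it here instead of letting the property access
            // below throw and surface as a 500.
            if (userAuthenticationResource == null)
            {
                return BadRequest();
            }

            var response = await _userService.Authenticate(
                userAuthenticationResource.Email,
                userAuthenticationResource.Password);

            if (!response.Success)
            {
                // NOTE(review): response.Error is sent to the client verbatim. If the service
                // distinguishes "unknown e-mail" from "wrong password", the difference lets a
                // caller enumerate accounts; confirm the message is generic.
                return BadRequest(response.Error);
            }

            // NOTE(review): Encoding.ASCII replaces every non-ASCII character of the secret with
            // '?', which shrinks the effective key space. It is left as-is because the validating
            // side (not visible here) must derive the same bytes; change both together. For
            // HS256 the secret should be a random value of at least 32 bytes, loaded from
            // protected configuration rather than source control.
            var key = Encoding.ASCII.GetBytes(_appSettings.Secret);

            var tokenDescriptor = new SecurityTokenDescriptor
            {
                // The user's id is carried in the Name claim; no other profile data goes into the token.
                Subject = new ClaimsIdentity(new[]
                {
                    new Claim(ClaimTypes.Name, response.Result.Id.ToString())
                }),
                // NOTE(review): a seven-day bearer token with no issuer/audience set here stays
                // valid for the whole period unless the validating side has its own revocation
                // check; confirm that lifetime is intended.
                Expires            = DateTime.UtcNow.AddDays(7),
                SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature)
            };

            var tokenHandler = new JwtSecurityTokenHandler();
            var tokenString  = tokenHandler.WriteToken(tokenHandler.CreateToken(tokenDescriptor));

            // Return basic user info (without password) and the token for the client to store.
            var userToken = new UserWithTokenResource
            {
                Id        = response.Result.Id,
                Email     = response.Result.Email,
                FirstName = response.Result.FirstName,
                LastName  = response.Result.LastName,
                Token     = tokenString
            };

            return Ok(userToken);
        }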
Пример #2
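        /// <summary>
        /// Looks the user up by e-mail, compares the MD5 hash of the submitted password with the
        /// stored value, and issues a signed JWT carrying the user's profile claims.
        /// </summary>
        /// <param name="user">Credentials bound from the request body.</param>
        /// <returns>
        /// 400 when the body or a credential is missing; 500 when the hash self-check fails;
        /// 401 when the account is unknown, the hash does not match or the account is inactive;
        /// otherwise 200 with a <c>TagisToken</c>.
        /// </returns>
        public APIGatewayProxyResponse Authenticate([FromBody] UserAuthenticationResource user)
        {
            // Reject an empty body or missing credentials up front instead of failing with a
            // null dereference further down.
            if (user == null || user.Email == null || user.Password == null)
            {
                return new APIGatewayProxyResponse { StatusCode = 400 };
            }

            User loadedUser = _context.Users.SingleOrDefault(u => u.Email == user.Email);

            // NOTE(review): unsalted MD5 is not suitable for password storage; it is fast to
            // brute-force and identical passwords share a hash. It is kept only because the
            // stored values are compared against this format. Migrating to a salted, slow KDF
            // (e.g. Rfc2898DeriveBytes/PBKDF2) needs a re-hash-on-login plan outside this method.
            string hash;
            using (MD5 md5Hash = MD5.Create())
            {
                hash = GetMd5Hash(md5Hash, user.Password);

                // Self-check of the helper pair: the hash just computed is verified against the
                // same input, so this says nothing about the stored password.
                if (!VerifyMd5Hash(md5Hash, user.Password, hash))
                {
                    return new APIGatewayProxyResponse { StatusCode = 500, Body = null };
                }
            }

            // An unknown e-mail must be refused as well. The original condition only rejected
            // when loadedUser was non-null, so an unknown account fell through to the claim
            // construction below and failed on a null reference. All three failure reasons
            // share one 401 so the response does not reveal which one applied.
            // NOTE(review): '!=' on strings is not a constant-time comparison.
            if (loadedUser == null || hash != loadedUser.Password || loadedUser.Active == 0)
            {
                return new APIGatewayProxyResponse { StatusCode = 401 };
            }

            var key         = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_tokenManager.Secret));
            var credentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);

            // NOTE(review): a JWT payload is signed, not encrypted, so every claim here is
            // readable by anyone holding the token. "Role" and "IsActive" are also a snapshot:
            // a consumer trusting them will not see a later change until the token expires.
            var userClaims = new Claim[]
            {
                new Claim("FirstName", loadedUser.FirstName),
                new Claim("LastName", loadedUser.LastName),
                new Claim("Email", loadedUser.Email),
                new Claim("Role", loadedUser.Role.ToString()),
                new Claim("LastLogin", loadedUser.lastLogin.ToString()),
                new Claim("UserId", loadedUser._uid.ToString()),
                new Claim("IsActive", loadedUser.Active.ToString()),
            };

            // UtcNow keeps the expiry independent of the host's local time zone setting.
            var jwtToken = new JwtSecurityToken(
                _tokenManager.Issuer,
                _tokenManager.Audience,
                userClaims,
                expires: DateTime.UtcNow.AddMinutes(_tokenManager.AccessExpiration),
                signingCredentials: credentials);

            var tagisToken = new TagisToken()
            {
                Authenticated = new JwtSecurityTokenHandler().WriteToken(jwtToken)
            };

            return new TypedAPIGatewayProxyResponse<TagisToken>(200, tagisToken);
        }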
Пример #3
        /// <summary>
        /// Checks the posted username and password through the user service.
        /// </summary>
        /// <param name="userParam">Credentials bound from the request body.</param>
        /// <returns>
        /// 200 with the service's result when it is non-null; otherwise 400 with a generic
        /// "incorrect username or password" message.
        /// </returns>
        public IActionResult Authenticate([FromBody] UserAuthenticationResource userParam)
        {
            // NOTE(review): userParam is not null-checked, so an empty body fails on the
            // property access below.
            var authenticated = _userService.Authenticate(userParam.Username, userParam.Password);

            // NOTE(review): the service result is serialized to the client as-is; confirm it
            // does not carry the password or its hash.
            if (authenticated != null)
            {
                return Ok(authenticated);
            }

            // One message for both failure reasons, so the response does not reveal whether
            // the username exists.
            return BadRequest(new { message = "Username or password is incorrect" });
        }