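/// <summary>
/// Authenticates a user by recomputing HMAC-SHA512 over the submitted password, keyed with the
/// stored per-user salt, and comparing the result with the stored hash.
/// </summary>
/// <param name="userforlogin">Login request carrying the username and password.</param>
/// <returns>
/// 401 Unauthorized when the credentials are missing or do not match; otherwise a
/// <see cref="UserDto"/> holding the user name and a token created by the token service.
/// </returns>
public async Task<ActionResult<UserDto>> Login(Userforlogin userforlogin)
{
    // One message for every failure: separate "Invalid username" / "Invalid password"
    // responses tell a caller which account names exist.
    const string invalidCredentials = "Invalid username or password";

    // A missing password would otherwise make Encoding.UTF8.GetBytes throw and surface as a 500.
    if (userforlogin?.username is null || userforlogin.Password is null)
    {
        return Unauthorized(invalidCredentials);
    }

    var user = await _context.Users.SingleOrDefaultAsync(x => x.Name == userforlogin.username);
    if (user == null)
    {
        // NOTE(review): this path returns before any hashing, so response time can still differ
        // between known and unknown usernames; pair the endpoint with rate limiting / lockout.
        return Unauthorized(invalidCredentials);
    }

    // NOTE(review): a single salted HMAC-SHA512 is cheap to brute-force offline if the table
    // leaks; a password KDF (e.g. Rfc2898DeriveBytes.Pbkdf2) is preferable, but switching needs
    // a migration of the stored hashes, so the scheme is left as-is here.
    using var hmac = new HMACSHA512(user.PasswordSalt);
    var computedHash = hmac.ComputeHash(Encoding.UTF8.GetBytes(userforlogin.Password));

    // FixedTimeEquals compares every byte regardless of where the first mismatch is and returns
    // false on a length mismatch, replacing the early-exit loop that leaked the matching prefix
    // length through timing and indexed past a shorter stored hash.
    if (!CryptographicOperations.FixedTimeEquals(computedHash, user.PasswordHash))
    {
        return Unauthorized(invalidCredentials);
    }

    return new UserDto
    {
        username = user.Name,
        Token = _tokenservice.CreateToken(user)
    };
}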
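/// <summary>
/// Authenticates a user through the repository and, on success, issues a signed JWT that
/// carries the user's id and name as claims and expires after one day.
/// </summary>
/// <param name="userforlogin">Login request carrying the username and password.</param>
/// <returns>
/// 401 Unauthorized when the credentials are missing or rejected by the repository; otherwise
/// 200 OK with the submitted username and the serialized token.
/// </returns>
/// <exception cref="InvalidOperationException">
/// The signing secret "AppSettings:Token" is not configured.
/// </exception>
public async Task<IActionResult> Login(Userforlogin userforlogin)
{
    // Missing fields would otherwise throw on ToLower() and surface as a 500.
    if (userforlogin?.username is null || userforlogin.Password is null)
    {
        return Unauthorized("Invalid username or password");
    }

    // NOTE(review): ToLower() is culture-sensitive; it is kept because it presumably mirrors how
    // names were normalized when stored. Confirm, then move both sides to ToLowerInvariant().
    var userfromrepo = await _repo.Login(userforlogin.username.ToLower(), userforlogin.Password);
    if (userfromrepo == null)
    {
        // A failed login is an authentication failure (401), and the previous
        // "Username already exists" text was wrong for this endpoint. The message stays generic
        // so it does not reveal whether the username or the password was at fault.
        return Unauthorized("Invalid username or password");
    }

    // TOKEN BUILDING
    var claims = new[]
    {
        new Claim(ClaimTypes.NameIdentifier, userfromrepo.ID.ToString()),
        new Claim(ClaimTypes.Name, userfromrepo.Name)
    };

    // Fail with a clear error instead of an ArgumentNullException from GetBytes.
    // NOTE(review): the secret should come from a secret store or environment rather than a
    // committed settings file, and should be long and random (at least 64 bytes for HS512).
    var signingSecret = _config.GetSection("AppSettings:Token").Value;
    if (string.IsNullOrEmpty(signingSecret))
    {
        throw new InvalidOperationException("Signing secret 'AppSettings:Token' is not configured.");
    }

    var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(signingSecret));
    var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha512Signature);

    var tokenDescriptor = new SecurityTokenDescriptor
    {
        Subject = new ClaimsIdentity(claims),
        // Token lifetimes are UTC instants; UtcNow avoids depending on the server's local zone.
        Expires = DateTime.UtcNow.AddDays(1),
        SigningCredentials = creds
    };

    var tokenhandler = new JwtSecurityTokenHandler();
    var token = tokenhandler.CreateToken(tokenDescriptor);

    return Ok(new
    {
        User = userforlogin.username,
        token = tokenhandler.WriteToken(token)
    });
}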