public IActionResult LoginPost()
{
var username = Request.Form["username"].ToString();
var password = Request.Form["password"].ToString();
var user = Db.Users.FirstOrDefault(x => x.Name == username && x.Password == password);
if (user == null)
{
return(BadRequest("invalid credentials"));
}
var authCookieString = user.Id + "." + user.Name;
var signatureCookieString = AuthHelper.CalcSignature(authCookieString);
var option = new CookieOptions();
option.Expires = DateTime.Now.AddHours(24);
HttpContext.Response.Cookies.Append("session", authCookieString, option);
HttpContext.Response.Cookies.Append("sign", signatureCookieString, option);
return(RedirectToAction("Index", "Home"));
}