public IActionResult Login(string username, string pwd) { if (AuthUtil.IsValidLogin(username, pwd)) { var token = AuthUtil.GenerateToken(username); return(new ObjectResult(token)); } return(BadRequest()); }