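/// <summary>
/// Authenticates a user from the posted username/password. The stored
/// credential record is fetched via the <c>User_Login</c> stored procedure,
/// the supplied password is checked with <c>VerifyPasswordHashAndSalt</c>,
/// and on success the user's details are returned together with a new JWT.
/// </summary>
/// <param name="userLoginDetails">Username and password from the request body.</param>
/// <returns>
/// 200 with <c>{ user }</c> on success; 400 "Login credentials invalid" when the
/// body is missing, the username is unknown, or the password does not verify.
/// The same message is used for every failure so the response body itself does
/// not reveal whether the username exists.
/// </returns>
public IActionResult UserLogin([FromBody] UserLoginDetails userLoginDetails)
{
    // A missing body or username would otherwise surface as a
    // NullReferenceException (500) instead of the usual 400.
    if (userLoginDetails == null || string.IsNullOrEmpty(userLoginDetails.Username))
    {
        return BadRequest("Login credentials invalid");
    }

    string connectionString = Configuration["ConnectionStrings:DefaultConnectionString"];
    // Value of the "Password" column; presumably a hash+salt blob that
    // VerifyPasswordHashAndSalt understands. It is never sent back to the caller.
    string storedPassword = "";
    var user = new CurrentUserDetails();

    // SqlCommand is IDisposable as well; the original only disposed the connection.
    using (SqlConnection connection = new SqlConnection(connectionString))
    using (SqlCommand command = new SqlCommand("User_Login", connection))
    {
        command.CommandType = System.Data.CommandType.StoredProcedure;
        // Parameterised lookup: the username never becomes part of the SQL text.
        command.Parameters.AddWithValue("@username", userLoginDetails.Username);
        connection.Open();

        using (SqlDataReader reader = command.ExecuteReader())
        {
            if (!reader.HasRows)
            {
                // NOTE(review): this path returns before any hash verification
                // runs, so an unknown username is rejected faster than a wrong
                // password (a timing-based user-enumeration channel). Verifying
                // against a dummy stored value here would equalise the two paths;
                // not done because VerifyPasswordHashAndSalt's expected input
                // format is not visible in this file.
                return BadRequest("Login credentials invalid");
            }

            // If the procedure returns several rows the last one wins, as before.
            while (reader.Read())
            {
                user.UserID = reader.GetInt32(reader.GetOrdinal("UserID"));
                user.Username = reader.GetString(reader.GetOrdinal("Username"));
                storedPassword = reader.GetString(reader.GetOrdinal("Password"));
                user.UserRole = reader.GetString(reader.GetOrdinal("Role"));
                user.Firstname = reader.GetString(reader.GetOrdinal("Firstname"));
                user.Surname = reader.GetString(reader.GetOrdinal("Surname"));
                user.GroupID = reader.GetInt32(reader.GetOrdinal("GroupID"));
            }
        }
    }

    if (!VerifyPasswordHashAndSalt(userLoginDetails.Password, storedPassword))
    {
        return BadRequest("Login credentials invalid");
    }

    // Issue the session token for the now-authenticated user.
    user.JWT = CreateJWT(user.UserID, user.Username, user.UserRole);
    return Ok(new { user });
}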
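/// <summary>
/// Validates a JWT issued by this API (signature, issuer, audience and
/// lifetime with zero clock skew), reloads the user named in its
/// <c>UserID</c> claim via the <c>User_GetByID</c> stored procedure, and
/// returns the user's details together with a newly issued JWT.
/// </summary>
/// <param name="jsonWebTokenString">The compact JWT string from the request body.</param>
/// <returns>
/// 200 with <c>{ user }</c>; 400 "Invalid JWT" when the token fails validation
/// or carries no usable <c>UserID</c> claim; 400 "Could not find matching user."
/// when the claimed user no longer exists.
/// </returns>
/// <remarks>
/// Every successful call mints a fresh token, so a caller holding a valid JWT
/// can keep extending its session indefinitely (sliding expiry with no upper
/// bound). If an absolute session limit is wanted it has to be enforced here
/// or in <c>CreateJWT</c>.
/// </remarks>
public IActionResult VerifyJWT([FromBody] string jsonWebTokenString)//Might need different type.
{
    if (string.IsNullOrEmpty(jsonWebTokenString))
    {
        return BadRequest("Invalid JWT");
    }

    // Signing key, issuer and audience come from appsettings.json.
    var secretKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["JWT:SecretKey"]));
    var tokenValidationParameters = new TokenValidationParameters
    {
        IssuerSigningKey = secretKey,
        ValidAudience = Configuration["JWT:ValidAudience"],
        ValidIssuer = Configuration["JWT:ValidIssuer"],
        ValidateLifetime = true,
        // No tolerance on exp/nbf: an expired token is rejected immediately.
        ClockSkew = TimeSpan.Zero
    };

    ClaimsPrincipal claimsPrincipal;
    try
    {
        claimsPrincipal = new JwtSecurityTokenHandler().ValidateToken(jsonWebTokenString, tokenValidationParameters, out _);
    }
    // Only token-validation failures (bad signature, expired, wrong issuer or
    // audience, malformed input) map to 400. The original bare catch also hid
    // unrelated server faults behind the same "Invalid JWT" response.
    catch (Exception ex) when (ex is SecurityTokenException || ex is ArgumentException)
    {
        return BadRequest("Invalid JWT");
    }

    // The original cast Identity directly; 'as' turns a non-claims identity
    // into the same 400 rather than an InvalidCastException.
    ClaimsIdentity identity = claimsPrincipal?.Identity as ClaimsIdentity;
    if (identity == null)
    {
        return BadRequest("Invalid JWT");
    }

    // A token with no numeric UserID claim previously threw
    // (NullReferenceException / FormatException); treat it as an invalid token.
    string userIdClaim = identity.FindFirst("UserID")?.Value;
    if (!int.TryParse(userIdClaim, NumberStyles.Integer, CultureInfo.InvariantCulture, out int userID))
    {
        return BadRequest("Invalid JWT");
    }

    string connectionString = Configuration["ConnectionStrings:DefaultConnectionString"];
    var user = new CurrentUserDetails();

    // SqlCommand is IDisposable as well; the original only disposed the connection.
    using (SqlConnection connection = new SqlConnection(connectionString))
    using (SqlCommand command = new SqlCommand("User_GetByID", connection))
    {
        command.CommandType = System.Data.CommandType.StoredProcedure;
        command.Parameters.AddWithValue("@userID", userID);
        connection.Open();

        using (SqlDataReader reader = command.ExecuteReader())
        {
            if (!reader.HasRows)
            {
                return BadRequest("Could not find matching user.");
            }

            // If the procedure returns several rows the last one wins, as before.
            while (reader.Read())
            {
                user.UserID = reader.GetInt32(reader.GetOrdinal("UserID"));
                user.Username = reader.GetString(reader.GetOrdinal("Username"));
                user.UserRole = reader.GetString(reader.GetOrdinal("Role"));
                user.Firstname = reader.GetString(reader.GetOrdinal("Firstname"));
                user.Surname = reader.GetString(reader.GetOrdinal("Surname"));
                user.GroupID = reader.GetInt32(reader.GetOrdinal("GroupID"));
            }
        }
    }

    // Re-issue a token for the (re)loaded user; see <remarks> on the sliding expiry.
    user.JWT = CreateJWT(user.UserID, user.Username, user.UserRole);
    return Ok(new { user });
}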