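public async Task<ActionResult<User>> Post([FromBody] User user)
{
    // Registration endpoint: persists a new user row. Returns 200 on success
    // and 409 when the insert is rejected by the database (presumably a
    // duplicate e-mail / unique-constraint violation, but any SQL or EF update
    // failure is mapped to 409 here — nothing distinguishes them).
    //
    // A missing or unparseable body binds `user` as null; reject that up front
    // instead of letting the dereference below surface as an unhandled 500.
    if (user is null)
    {
        return BadRequest();
    }

    try
    {
        // NOTE(review): ConvertToEncrypt is a reversible transform (the login
        // action turns the stored value back into plaintext with
        // ConvertToDecrypt), so this is encryption, not hashing: anyone with
        // the key and the table can recover every password. Replace with a
        // salted PBKDF2/Argon2 hash once the comparison in
        // GetUserByEmailAndPassword is migrated alongside it.
        user.Password = EncryptPassword.ConvertToEncrypt(user.Password);
        context.User.Add(user);
        await context.SaveChangesAsync();
        return Ok();
    }
    catch (SqlException)
    {
        // Raw provider failure; only reached if EF does not wrap it.
        return StatusCode(409);
    }
    catch (DbUpdateException)
    {
        // EF wraps provider errors (duplicate key, etc.) in this type.
        return StatusCode(409);
    }
}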
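public ActionResult<User> GetUserByEmailAndPassword(string email, string password)
{
    // Login endpoint: finds the single user matching e-mail + password, issues
    // a 5-minute HS256 JWT in an HttpOnly cookie and returns the user record.
    // Responds 400 "Wrong credentials!" on an ArgumentException (from the
    // password transform or the token library) and 401 when Single() finds no
    // row — or more than one — for the given credentials.
    try
    {
        // NOTE(review): the stored password is matched against a deterministic,
        // reversible transform rather than a salted hash, so equal passwords
        // share a stored value and the plaintext is recoverable from the table.
        // The comparison is kept as-is here; migrate it together with Post().
        string storedForm = EncryptPassword.ConvertToEncrypt(password);

        // Read-only lookup. The entity's Password is cleared below for the
        // response, so it must not remain tracked where a later SaveChanges
        // could flush that change back to the store.
        User user = context.User
            .AsNoTracking()
            .Single(u => u.Email == email && u.Password == storedForm);

        // Never echo the credential. The previous version decrypted the stored
        // value into the response body, handing the plaintext password to the
        // client on every successful login.
        user.Password = null;

        // NOTE(review): the signing key is a hard-coded literal in source,
        // shared by every environment and by anyone with the repository; move
        // it to configuration / secret storage. HS256 needs a key of at least
        // 128 bits — a shorter key is rejected by the token library with an
        // ArgumentOutOfRangeException, which the catch below would report to
        // the caller as "Wrong credentials!".
        var secretKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("superSecretKey@345"));
        var signingCredentials = new SigningCredentials(secretKey, SecurityAlgorithms.HmacSha256);

        // NOTE(review): the claim set is empty, so the token proves only that
        // *someone* logged in, not who; add a subject/e-mail claim if anything
        // downstream authorizes per user. Expiry is taken in UTC — `exp` is
        // epoch seconds, so the local-time value used before converted to the
        // same instant but read misleadingly.
        DateTime expiresAt = DateTime.UtcNow.AddMinutes(5);
        var tokenOptions = new JwtSecurityToken(
            issuer: "http://localhost:16615",
            audience: "http://localhost:16615",
            claims: new List<Claim>(),
            expires: expiresAt,
            signingCredentials: signingCredentials);
        string tokenString = new JwtSecurityTokenHandler().WriteToken(tokenOptions);

        // NOTE(review): browsers refuse a credentialed response whose
        // Access-Control-Allow-Origin is "*", so this header pair does not
        // actually enable a cross-origin cookie; configure CORS through the
        // middleware with explicit origins rather than per-action headers.
        // Kept here only to preserve the existing response shape.
        HttpContext.Response.Headers.Add("Access-Control-Allow-Origin", "*");
        HttpContext.Response.Headers.Add("Access-Control-Allow-Credentials", "true");

        // HttpOnly keeps the token out of reach of script. Secure and SameSite
        // were missing, which let the cookie travel over plaintext HTTP and be
        // attached to cross-site requests (CSRF). Relax SameSite to None (with
        // Secure) only if the front end is served from a different origin. The
        // cookie lifetime tracks the token's so an expired token is not resent.
        HttpContext.Response.Cookies.Append("access_token", tokenString, new CookieOptions
        {
            HttpOnly = true,
            Secure = true,
            SameSite = SameSiteMode.Strict,
            Expires = expiresAt,
        });

        return Ok(new { User = user });
    }
    catch (ArgumentException)
    {
        return BadRequest("Wrong credentials!");
    }
    catch (InvalidOperationException)
    {
        // Single(): no matching row, or more than one.
        return Unauthorized();
    }
}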