/// <summary>
/// Creates a token for the supplied user details by building a
/// <c>JwtTokenFactory</c> (Base64Url encoder + RSA signer with SHA-256)
/// and delegating to its <c>CreateToken</c> method.
/// </summary>
/// <param name="name">Name passed through to the token factory.</param>
/// <param name="email">E-mail address passed through to the token factory.</param>
/// <param name="username">User name passed through to the token factory.</param>
/// <param name="role">Single role; wrapped in a one-element list for the factory.</param>
/// <returns>The string produced by <c>JwtTokenFactory.CreateToken</c>.</returns>
public static string CreateToken(string name, string email, string username, string role)
{
    var encoder = new Base64UrlUtil(true);

    // NOTE(review): the two PEM files are referenced by bare file name, so they
    // resolve against the process working directory, and the signer is rebuilt
    // on every call. Confirm the key files live outside any served or
    // version-controlled directory and are readable only by the service account.
    var signer = new RsaSigningUtil("caissekey.pem", "caissekeyp.pem", HashFunctionType.Sha256);

    var factory = new JwtTokenFactory(encoder, signer);
    var roles = new List<string>() { role };

    // Presumably the two literals are issuer/audience and 30 is the token
    // lifetime; the unit is not visible here, so confirm against JwtTokenFactory.
    return factory.CreateToken("CaisseWebAPI", "CaisseWebApiAuth", name, email, 30, username, roles);
}
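/// <summary>
/// Validates the posted credentials and, when they are accepted, returns a
/// token created for the matching user.
/// </summary>
/// <param name="credentials">Login payload bound from the request body.</param>
/// <returns>
/// 400 with the model state when the payload is missing or invalid, 400 with a
/// generic message when the credentials are rejected, otherwise 200 with the token.
/// </returns>
public async Task<IActionResult> Login([FromBody] LoginCredentialsModel credentials)
{
    // An empty request body can bind to null while ModelState is still valid,
    // so reject it here instead of failing later with a NullReferenceException.
    if (credentials == null || !ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    // NOTE(review): no throttling or lockout is visible in this action; confirm
    // that IsValidUser or middleware limits repeated failed attempts.
    if (!await IsValidUser(credentials))
    {
        return BadRequest("provided credentials are not valid");
    }

    var user = await userManager.FindByNameAsync(credentials.UserName);
    if (user == null)
    {
        // The account can disappear between validation and lookup. Answer with
        // the same generic message so the response does not reveal whether the
        // user name exists.
        return BadRequest("provided credentials are not valid");
    }

    // NOTE(review): 400 is kept for rejected credentials because existing
    // clients may depend on it; 401 would be the conventional status.
    return Ok(jwtTokenFactory.CreateToken(user));
}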
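/// <summary>
/// Exchanges the caller's Merlin session cookie for a token. On any failure the
/// caller is redirected to the Merlin login page with the decoded return URL.
/// </summary>
/// <param name="base64Url">
/// Base64-encoded return URL (standard or URL-safe alphabet, padding optional).
/// It is only used on the failure path, as the <c>returnUrl</c> query value.
/// </param>
/// <returns>
/// 200 with <c>{ token }</c> on success; otherwise a redirect to the Merlin login page.
/// </returns>
public async Task<IActionResult> GetToken([FromRoute] string base64Url)
{
    var sessionId = httpContextAccessor.HttpContext.Request.Cookies[config["Jwt:MerlinSessionKey"]];
    string userId = null;

    try
    {
        if (hostingEnvironment.IsDevelopment())
        {
            // NOTE(review): in Development every caller is issued a token for
            // this fixed user without any session check. Make sure deployed
            // environments can never run with the Development environment name.
            userId = "STU";
        }
        else
        {
            // A missing cookie yields a null session id. Comparing a column to
            // null may be translated to IS NULL, which could match a row whose
            // session id is empty, so refuse to look up a user without a session.
            if (string.IsNullOrEmpty(sessionId))
            {
                throw new InvalidOperationException("Session cookie is missing or empty.");
            }

            // Single is deliberate: if more than one user has the same session
            // ID we must not log anyone in, so the query throws instead.
            userId = await readContext.EpiUser
                .Where(user => user.IdSession == sessionId && user.DsLoggedIn == "1")
                .Select(user => user.IdUser)
                .SingleAsync();
        }

        var identity = await service.GetIdentityAsync(userId);
        var token = tokenFactory.CreateToken(identity);
        return Ok(new { token });
    }
    catch (Exception ex)
    {
        // NOTE(review): this also catches infrastructure failures (database,
        // identity service), which then look like a failed login to the caller.
        logger.Error($"Failed to Authenticate user '{userId}'", ex);

        // Decode defensively: a malformed route value must not throw from
        // inside the catch block and turn the intended redirect into a 500.
        string url;
        try
        {
            string normalized = (base64Url ?? string.Empty).Replace('-', '+').Replace('_', '/');
            int remainder = normalized.Length % 4;
            if (remainder != 0)
            {
                normalized += new string('=', 4 - remainder);
            }

            url = Encoding.UTF8.GetString(Convert.FromBase64String(normalized));
        }
        catch (FormatException)
        {
            // Fall back to an empty return URL so the redirect still happens.
            url = string.Empty;
        }

        // NOTE(review): siteRoot is built from the request's Host header;
        // confirm host filtering / forwarded-header settings restrict it to
        // known host names.
        string siteRoot = $"{Request.Scheme}://{Request.Host}{Url.Content("~")}";
        string encodedUrl = WebUtility.UrlEncode(url);

        // NOTE(review): returnUrl is caller-controlled and only URL-encoded
        // here; the Merlin login page must restrict it to local or allow-listed
        // targets. If siteRoot does not contain "MerlinCore" the Replace is a
        // no-op and the redirect points back at this site.
        string merlinLoginUrl = siteRoot.Replace("MerlinCore", $@"Merlin/default.aspx?returnUrl={encodedUrl}");
        return Redirect(merlinLoginUrl);
    }
}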