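/// <summary>
/// Authenticates the posted credentials and, on success, issues a JWT: it is
/// written to the response cookie and a slim projection of the user is returned.
/// </summary>
/// <param name="model">Posted credentials (<c>Email</c> and <c>Password</c>).</param>
/// <returns>
/// 400 with a message when the body is missing or the credentials are rejected
/// (invalid, locked out, or e-mail not yet validated); otherwise 200 with the
/// <see cref="UserSlim"/> projection of the signed-in user.
/// </returns>
public async Task<IActionResult> Authenticate([FromBody] AuthenticateDataModel model) {
    // An empty or unparseable body can bind to null; reject it before reading members
    // instead of failing with a NullReferenceException (a 500).
    if (model is null) {
        return BadRequest("Invalid Username or Password");
    }

    string username = model.Email;
    string password = model.Password;

    // Credential check. The helper fills `user` through the ref parameter when the
    // credentials are accepted; the fourth argument is passed as null, unchanged.
    User user = default(User);
    var validated = UserHelper.ValidateUserIdentity(username, password, ref user, null);

    // NOTE(review): three distinct messages let a caller distinguish an unknown
    // account from a locked or unverified one (account enumeration). Kept as-is
    // because clients may key off the text; a single generic message would close it.
    switch (validated) {
        case UserValidationResponse.Invalid:
            return BadRequest("Invalid Username or Password");
        case UserValidationResponse.LockedOut:
            return BadRequest("Account is Locked. Wait 30 minutes.");
        case UserValidationResponse.Invalidated:
            return BadRequest("Email has not been validated");
    }

    // NOTE(review): Encoding.ASCII replaces any non-ASCII character in the key with
    // '?', silently reducing its entropy. Left unchanged so existing tokens keep
    // verifying; confirm the configured SigningKey is pure ASCII and long enough
    // for HMAC-SHA256.
    var key = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(ApplicationSettings.SigningKey));
    var options = new TokenProviderOptions() {
        // NOTE(review): the issuer is taken from the request's Host header, which is
        // client-supplied unless host filtering is enforced upstream — confirm.
        Issuer = this.Request.Host.Value,
        SigningCredentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256)
    };

    // Validation passed: build the token and the response body.
    string encodedJwt = await TokenHelper.BuildJwtAuthorizationToken(user, options);
    UserSlim response = UserHelper.UserToUserSlim(user);

    // Record the sign-in time. FirstOrDefault can return null if the record vanished
    // between validation and this lookup; skip the update rather than dereference
    // null. (The original also built a Builders<User>.Update definition here that
    // was never applied; it is dropped as dead code.)
    User updatedUser = db.Users.Where(u => u.Id == user.Id).FirstOrDefault();
    if (updatedUser != null) {
        // NOTE(review): DateTime.Now is server-local time; UtcNow is the usual choice
        // for a stored timestamp. Kept as-is to stay consistent with existing rows.
        updatedUser.LastSignin = DateTime.Now;
        db.Update(updatedUser);
    }

    TokenHelper.BuildResponseCookie(Request.HttpContext, encodedJwt);
    return Ok(response);
}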