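/// <summary>
/// Authenticates a user by e-mail and password and issues a JWT on success.
/// </summary>
/// <param name="request">
/// Untrusted client input: the e-mail used to look the account up and the plaintext password
/// that is hashed with the stored per-account salt.
/// </param>
/// <returns>
/// 200 with <c>{ Token, Username, UserId }</c> when the password matches an active, activated,
/// unlocked account; 401 when no account matches the e-mail; 400 carrying an <c>ErrorCodes</c>
/// name for a deactivated, not-yet-activated or locked account or a wrong password; 500 on an
/// unexpected failure (details are logged, not returned).
/// </returns>
public IHttpActionResult Login(LoginRequest request)
{
    try
    {
        User account = _context.Users
            .Where(a => a.Email == request.Email)
            .SingleOrDefault();

        // Presumably rejects malformed input by throwing HttpResponseException;
        // it is deliberately invoked before the null check, so that order is kept.
        ValidationUtilities.ValidateUserForLogin(request, account);

        if (account == null)
        {
            // NOTE(review): an unknown e-mail answers 401 while a wrong password
            // answers 400/PASSWORD_NOTMATCHED, and no hash is computed on this
            // path, so both the status code and the response time reveal whether
            // an account exists (account enumeration). Kept for client
            // compatibility -- consider a single generic failure response and a
            // dummy hash computation for unknown accounts.
            return Unauthorized();
        }

        // Account-state guards, checked in the same order as before.
        if (account.IsActiveUser == false)
        {
            return BadRequest(ErrorCodes.USER_DEACTIVATED_BY_ADMIN.ToString());
        }

        if (account.IsActivated == false)
        {
            return BadRequest(ErrorCodes.USER_NOT_ACVTD.ToString());
        }

        if (account.IsLocked)
        {
            return BadRequest(ErrorCodes.ACCOUNT_LOCKED.ToString());
        }

        // Salted hash compared in constant time -- never compare the digests with ==.
        byte[] incoming = AuthorizationUtilities.hash(request.Password, account.Salt);
        if (!Utilities.Utilities.slowEquals(incoming, account.Password))
        {
            // NOTE(review): nothing in this method increments a failed-attempt
            // counter toward IsLocked -- confirm lockout is enforced elsewhere.
            DbUtilities.AuditTrialEntry(account, AuditTrialStatus.FAILURE, AuditTrialOpType.LOGIN, this.Request);
            return BadRequest(ErrorCodes.PASSWORD_NOTMATCHED.ToString());
        }

        // Password accepted. The success-side audit entry was commented out
        // upstream; only failures are audited here -- TODO confirm successful
        // logins are recorded somewhere (e.g. inside UpdateUserDetailsInLogin).
        var claimsIdentity = new ClaimsIdentity();
        claimsIdentity.AddClaim(new Claim(Constants.STR_FIRSTNAME, account.FirstName));
        claimsIdentity.AddClaim(new Claim(Constants.STR_LASTNAME, account.LastName));
        // The e-mail from the request (the lookup key) is used for Email/Sub, as before.
        claimsIdentity.AddClaim(new Claim(ClaimTypes.Email, request.Email));
        claimsIdentity.AddClaim(new Claim(JwtRegisteredClaimNames.Sub, request.Email));
        claimsIdentity.AddClaim(new Claim("UserId", account.Id));

        // Filter and join on the server instead of materialising every row of
        // UserRoleMaps and Roles into memory (the previous version called
        // ToList() on both tables before joining).
        List<Role> roles = (from map in _context.UserRoleMaps
                            where map.UserId == account.Id && map.Deleted == false
                            join role in _context.Roles on map.RoleId equals role.Id
                            select role).ToList();

        // ToList() never returns null; an empty list simply adds no role claims.
        foreach (Role role in roles)
        {
            claimsIdentity.AddClaim(new Claim(ClaimTypes.Role, role.RoleName));
        }

        // Persist whatever login bookkeeping the project does before issuing the token.
        UpdateUserDetailsInLogin(account);

        JwtSecurityToken token = AuthorizationUtilities.GetAuthenticationTokenForUser(
            request.Email,
            claimsIdentity.Claims.ToArray());

        return Ok(new { Token = token.RawData, Username = request.Email, UserId = account.Id });
    }
    catch (HttpResponseException)
    {
        // Rethrow as-is: `throw ex;` would reset the stack trace.
        throw;
    }
    catch (Exception ex)
    {
        LGSELogger.Error(ex);
        // Return a bare 500. The exception is already logged; handing it to
        // InternalServerError(ex) would echo messages/stack traces to the client
        // if the host's IncludeErrorDetailPolicy is ever set to Always.
        return InternalServerError();
    }
}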