using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Security.Cryptography;
using System.Text;
using System.Web.Http;
using AIAHTML5.WebAPI.Models;
using AIAHTML5.WebAPI.ViewModels;
using JWT;
using System.Web.Http.Cors;
using Newtonsoft.Json.Linq;
using System.Web.Script.Serialization;
using AIAHTML5.WebAPI.Util;
namespace AIAHTML5.WebAPI.Controllers
{
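// NOTE(review): a browser Origin header is scheme://host[:port] with no path, so an
// origins value that contains "/AIA/API/" may never match a real request; confirm the
// deployed client's origin before relying on this policy. Value kept as in the original.
[EnableCors(origins: "http://localhost/AIA/API/", headers: "accept,content-type,origin,x-my-header", methods: "*")]
public class AccountController : ApiController
{
    // Development stub: the only account this controller knows about.
    // TODO: replace with a lookup against the user store and a salted-hash comparison
    // (see EncryptPassword); plaintext credentials must not live in source.
    private const string StubUserName = "amrita.vishnoi@ebix.com";
    private const string StubPassword = "education";
    private const int StubUserId = 1;

    // HS256 signing key. Hard-coded as in the original: anyone who can read the source
    // can mint valid tokens, so this should be loaded from configuration
    // (the commented-out ConfigurationManager.AppSettings "jwtKey" lookup) or a secret store.
    private const string JwtSigningKey = "secretKey";

    // How long an issued token stays valid, measured from its issue time.
    private static readonly TimeSpan TokenLifetime = TimeSpan.FromHours(2);

    private static readonly DateTime UnixEpoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);

    /// <summary>
    /// Authenticates a user and returns a signed JWT on success.
    /// </summary>
    /// <param name="userName">User name submitted by the client.</param>
    /// <param name="password">Plaintext password submitted by the client.</param>
    /// <returns>
    /// The encoded JWT when the credentials match; otherwise the literal
    /// "token is not created" (still delivered with HTTP 200, as the original API did).
    /// </returns>
    [AllowAnonymous]
    //[Route("signin")]
    [HttpPost]
    public string Login(string userName, string password)
    {
        // Record only that the endpoint was hit; the submitted credentials are never logged.
        var log = new logging();
        log.logData("called api");

        // Ordinal comparison is exactly what == does for strings; spelled out so it is not
        // later "fixed" into a culture-aware or case-insensitive compare. Null-safe.
        bool loginSuccess =
            string.Equals(userName, StubUserName, StringComparison.Ordinal) &&
            string.Equals(password, StubPassword, StringComparison.Ordinal);

        if (!loginSuccess)
        {
            // Deliberately generic: does not say whether the user name or the password was wrong.
            return "token is not created";
        }

        var user = new User();
        user.userName = StubUserName;
        user.Id = StubUserId;
        return CreateToken(user);
    }

    /// <summary>
    /// Builds an HS256-signed JWT carrying the user's name, id and a fixed "Admin" role.
    /// </summary>
    /// <param name="user">Authenticated user; only <c>userName</c> and <c>Id</c> are read.</param>
    /// <returns>The compact-serialized, signed token.</returns>
    private static string CreateToken(User user)
    {
        // Snapshot the clock once so iat, nbf and exp are consistent with each other.
        var now = DateTime.UtcNow;
        var issuedAt = ToUnixSeconds(now);
        var expiry = ToUnixSeconds(now + TokenLifetime);

        var payload = new Dictionary<string, object>
        {
            {"userName", user.userName},
            {"userId", user.Id},
            // Role is hard-coded: every successful login is treated as Admin.
            // TODO: take the role from the user record once there is one.
            {"role", "Admin"},
            {"sub", user.Id},
            // nbf == iat: the token is usable as soon as it is issued. The original set nbf
            // six months in the future, which any validator that honors "nbf" would reject.
            {"nbf", issuedAt},
            {"iat", issuedAt},
            {"exp", expiry}
        };

        return JsonWebToken.Encode(payload, JwtSigningKey, JwtHashAlgorithm.HS256);
    }

    /// <summary>
    /// Seconds since the Unix epoch, rounded to the nearest whole second (as the original did).
    /// </summary>
    /// <param name="utc">A UTC timestamp.</param>
    /// <returns>Whole seconds since 1970-01-01T00:00:00Z, as a double.</returns>
    private static double ToUnixSeconds(DateTime utc)
    {
        return Math.Round((utc - UnixEpoch).TotalSeconds);
    }

    /// <summary>
    /// Creates a random 16-byte salt, Base64-encoded, for use with <see cref="EncryptPassword"/>.
    /// </summary>
    /// <returns>Base64 string of 16 cryptographically random bytes.</returns>
    public static string CreateSalt()
    {
        var data = new byte[16];
        // RandomNumberGenerator.Create() replaces the deprecated RNGCryptoServiceProvider;
        // both draw from the platform CSPRNG.
        using (var rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(data);
        }
        return Convert.ToBase64String(data);
    }

    /// <summary>
    /// Derives the stored form of a password: Base64(SHA-256(UTF-8(salt + password))).
    /// </summary>
    /// <remarks>
    /// Despite the name this is a hash, not reversible encryption. Single-iteration SHA-256
    /// is cheap to brute-force; a slow KDF (PBKDF2 via Rfc2898DeriveBytes) would be stronger,
    /// but any stored hashes depend on this exact format, so changing it needs a migration.
    /// Kept byte-for-byte compatible with the original here.
    /// </remarks>
    /// <param name="password">Plaintext password.</param>
    /// <param name="salt">Salt from <see cref="CreateSalt"/>; prepended to the password before hashing.</param>
    /// <returns>Base64-encoded SHA-256 digest of salt followed by password.</returns>
    public static string EncryptPassword(string password, string salt)
    {
        using (var sha256 = SHA256.Create())
        {
            // string.Concat treats null as empty, exactly as string.Format("{0}{1}", ...) did.
            var saltedPasswordAsBytes = Encoding.UTF8.GetBytes(string.Concat(salt, password));
            return Convert.ToBase64String(sha256.ComputeHash(saltedPasswordAsBytes));
        }
    }
}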
}