In this lecture, let us try to implement an endpoint, meaning an action method, for login.

In the next lecture, we will create a UI for the same.

So when you make a request to account/login, it has to receive the email address and password and check whether those values exist in the database.

If they exist, it has to return a success response; otherwise, an error response.

First of all, in order to receive the login details, I mean the email and password credentials, let us create a DTO, a data transfer object.

So right-click on the DTO folder in the core project, Add New Item, select Class, name it LoginDTO.cs, make it a public class, and remove the unnecessary namespaces.

We would like to receive only two values, email address and password.

Both are mandatory fields; the email additionally gets regular expression validation, I mean email address pattern validation, and the password is also a mandatory field.

Optionally initialize both with an empty string.
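The LoginDTO described above, written out as an added example (this is not the lecture's own file). The namespace is a placeholder for the DTO folder's namespace in your core project, and the built-in [EmailAddress] data annotation is used for the email pattern validation instead of a hand-written regular expression.

```csharp
// Added example of the LoginDTO class; not the lecture's own code.
// Namespace is a placeholder: use the DTO folder's namespace in your core project.
using System.ComponentModel.DataAnnotations;

namespace MyApp.Core.DTO
{
    /// <summary>
    /// Credentials received by POST account/login. Only these two values are
    /// bound from the request body; any other fields the client sends are ignored.
    /// </summary>
    public class LoginDTO
    {
        // Mandatory, and must look like an email address (validated by [EmailAddress]
        // before the action method runs, so ModelState.IsValid reflects it).
        [Required(ErrorMessage = "Email can't be blank")]
        [EmailAddress(ErrorMessage = "Email should be in a proper email address format")]
        public string Email { get; set; } = string.Empty;

        // Mandatory; initialized to an empty string so the property is never null.
        [Required(ErrorMessage = "Password can't be blank")]
        public string Password { get; set; } = string.Empty;
    }
}
```

Because the controller is marked [ApiController], these attributes are checked during model binding, which is what the ModelState.IsValid check in the Login action relies on.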

After creating this LoginDTO class, go to the AccountController.cs file.

Here we are getting a warning saying that an XML comment is missing, because we have exposed XML comments to Swagger.

To satisfy it, add XML comments, I mean documentation comments with triple slash, for every controller class as well as every action method.

Okay, it is optional to write anything in the summary comment; it is just to satisfy the warning.

You can also collapse it here by clicking this minus button.

The same goes for the constructor.

You can write a description for the constructor and a description of its parameters.

Okay, now we are going to write another action method, that is Login.

It receives a POST request, and in the request body we receive the email address and password for login purposes, and the route is login.

So the full URL becomes api/<version number>/account/login.

Now here, add the validation code just like in the Register method above.

You can copy and paste the same code here.

So it basically checks if the model state is invalid; if so, we concatenate the error messages into a string and return it as a problem result.

Okay, let’s continue with the code that runs when the model state is valid.

Hey, sign-in manager, I would like to sign in.

And if you ask me what the username and password are, I can supply them.

From the LoginDTO, I can supply the username.

I mean, here we are using the email address as the username, and then the password.

Okay, the method is PasswordSignInAsync.

If you want to log in with the email address and password, then use PasswordSignInAsync.

Otherwise, if you already have a user object, the method is SignInAsync.

Okay, use the await keyword to call it.

And you also have to supply isPersistent equal to either true or false.

In this case, I am just going to give false.

That means the authentication cookie is not a persistent cookie.

So it will be deleted automatically when you close the browser.

And in addition to that, lockoutOnFailure equal to a boolean value that you supply, in this case false.

So in the case of true, the account will be automatically locked out if the user makes too many failed login attempts.

That means, for example, if the user tries to log in three or four times or more than that, that user account will be automatically locked out, and the user has to click on a link sent to the email address in order to reactivate that account.

Just like we do in real-life applications.

Okay, I don’t want to do that.

So the lockoutOnFailure feature is disabled here with false.

Okay, if we enable this lockoutOnFailure, we need to write all the relevant code to reactivate the user account.

Okay, and receive the result.

If the login attempt is successful, then we will get the ApplicationUser object based on the email address.

Hey, user manager, I would like to search for the particular user based on the email address.

And that email value comes from the LoginDTO.

And if that user is null, return NoContent.

Generally, this won’t happen, because we have already signed in with the particular email address, and we are searching for the particular user based on the same email address.

So that user’s details must definitely be found in the database, so you will not get null.

But just to satisfy the compiler and handle the failure case, we are writing this if statement.

Mostly it comes to the else part.

If it is null, the remaining code does not run, because we have written the return statement; otherwise it continues.

So if it is not equal to null, it comes here.

Then we will return the Ok result with only the person name and email address.

We don’t want to provide the complete user details as the response to the client.

Only the person name and email, that is enough.

So this happens on a successful login.

If result.Succeeded is true, that means the PasswordSignInAsync call was successful.

And also if the user object is found, this happens.

But what happens in case the login attempt is unsuccessful?

Then it comes to the else case.

And here we can return an error message.

That is, for example, a problem result saying invalid email and password.

So this message will be shown with the problem result object.

That’s fine.

So this is the code for login.

Let’s write one more for logout.

It is written in the same way, but this is for logout, and it is a GET request, because we are not going to submit any user details with this request.

Simply, the URL will be account/logout.

So there is no model object here.

And it is going to be very easy.

Hey, sign-in manager, I would like to sign out the user.

That’s it.

And after that, we can return NoContent.

So, we have created two action methods, that is Logout as well as Login.

If you make a POST request to login, this method executes, where we sign in based on the email address and password.

And we will return the corresponding person name and email as the response.

Okay.

In this case, we are not going to return the ApplicationUser object as the response.

So we can mention the return type as IActionResult instead of ApplicationUser.

That’s fine.

And if you make a request to account/logout, it calls the SignOutAsync method through the sign-in manager and returns NoContent.

I mean, an empty response.
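The Login and Logout action methods walked through in this lecture, collected into one controller as an added example (this is not the lecture's own file). It assumes an ASP.NET Core Identity setup with an ApplicationUser class that has a PersonName property and the LoginDTO from earlier in the lecture; the namespaces and the route prefix are placeholders, and the status codes passed to Problem() are a choice made here, since Problem() defaults to HTTP 500 when none is given.

```csharp
// Added example of the Login and Logout actions; not the lecture's own code.
// Assumptions: ApplicationUser (with a PersonName property) and LoginDTO exist in
// the project; namespaces and the route prefix below are placeholders.
using Microsoft.AspNetCore.Http;      // StatusCodes
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using MyApp.Core.DTO;                 // hypothetical namespace of LoginDTO
using MyApp.Core.Identity;            // hypothetical namespace of ApplicationUser

namespace MyApp.WebAPI.Controllers
{
    /// <summary>
    /// Account endpoints: register (not shown here), login and logout.
    /// </summary>
    [Route("api/v1/[controller]")]    // placeholder for the versioned route
    [ApiController]
    public class AccountController : ControllerBase
    {
        private readonly UserManager<ApplicationUser> _userManager;
        private readonly SignInManager<ApplicationUser> _signInManager;

        /// <summary>Receives the Identity managers through dependency injection.</summary>
        public AccountController(UserManager<ApplicationUser> userManager,
                                 SignInManager<ApplicationUser> signInManager)
        {
            _userManager = userManager;
            _signInManager = signInManager;
        }

        /// <summary>
        /// POST account/login: checks the email and password against the Identity
        /// store and issues a non-persistent authentication cookie on success.
        /// </summary>
        [HttpPost("login")]
        public async Task<IActionResult> PostLogin(LoginDTO loginDTO)
        {
            // Same validation block as the Register action: collect every
            // data-annotation error into one string and return it as a problem result.
            if (!ModelState.IsValid)
            {
                string errorMessage = string.Join(" | ",
                    ModelState.Values.SelectMany(v => v.Errors).Select(e => e.ErrorMessage));
                return Problem(errorMessage, statusCode: StatusCodes.Status400BadRequest);
            }

            // The email address is used as the username.
            // isPersistent: false -> session cookie, removed when the browser closes.
            // lockoutOnFailure: false -> failed attempts are not counted towards a
            // lockout, as in the lecture. 'var' avoids the Identity/Mvc SignInResult clash.
            var result = await _signInManager.PasswordSignInAsync(
                loginDTO.Email, loginDTO.Password,
                isPersistent: false, lockoutOnFailure: false);

            if (!result.Succeeded)
            {
                // One generic message whether the email or the password was wrong.
                return Problem("Invalid email and password",
                               statusCode: StatusCodes.Status401Unauthorized);
            }

            ApplicationUser? user = await _userManager.FindByEmailAsync(loginDTO.Email);
            if (user == null)
            {
                // Cannot normally happen right after a successful sign-in; kept to
                // satisfy the compiler's nullability check, exactly as in the lecture.
                return NoContent();
            }

            // Return only the fields the client needs, never the whole user object.
            return Ok(new { personName = user.PersonName, email = user.Email });
        }

        /// <summary>
        /// GET account/logout: removes the authentication cookie and returns 204.
        /// </summary>
        [HttpGet("logout")]
        public async Task<IActionResult> GetLogout()
        {
            await _signInManager.SignOutAsync();
            return NoContent();
        }
    }
}
```

Logout is a GET here to match the lecture; the body of the action is the same if it is later changed to a POST. The failed-login branch deliberately returns the same message for an unknown email and a wrong password, so the response does not reveal which accounts exist.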

So that’s all for this lecture.

And in the next lecture, we are going to create user interface in Angular for login functionality.
