This endpoint accepts a JSON body containing email and password, delegates credential verification to AuthenticateUser.ExecuteAsync, and, on success, sets an HttpOnly authentication cookie via CookieSessionManager.SignInAsync. If the credentials are invalid (user not found or wrong password), the use case returns AuthResult.Fail("Credenciales incorrectas.") and the endpoint responds with 400 Bad Request, including the error string in the response body.
Request
Method
POST
Path
/api/auth/login
Content-Type
application/json
Body parameters
The user’s email address. Must match an existing account in the database.
The user’s plain-text password. Verified against the stored BCrypt hash via IPasswordHasher.Verify.
Extend the session duration. The field is accepted and deserialized by the LoginRequest DTO but is not yet wired to cookie persistence; the session lifetime is currently controlled solely by the cookie authentication options in Program.cs.
Request example
Request body
cURL
Responses
200 OK
Authentication succeeded. The response includes a Set-Cookie header carrying the ASP.NET Core authentication cookie. Subsequent requests must send this cookie to access protected resources.
400 Bad Request
Authentication failed: either the email does not exist or the password does not match. The response body is the plain-text error string returned by AuthResult.Fail.
Response examples
200 OK
400 Bad Request
Response fields
The 200 response has no body. Authentication state is communicated exclusively through the Set-Cookie header.
A plain-text error message. The only value currently returned by the use case is "Credenciales incorrectas.", used for both unknown email and wrong password to avoid user enumeration.
Source reference
The full handler is defined in Api/Auth/Login.cs:
Login.cs
The AuthenticateUser use case resolves the user by email, verifies the password hash, and calls ISessionManager.SignInAsync (implemented by CookieSessionManager) to issue the cookie:
AuthenticateUser.cs
The AuthResult DTO carries the outcome:
AuthResult.cs
The endpoint is registered in Program.cs with app.MapLogin(). The middleware pipeline order is important: app.UseAuthentication() must be called before app.UseAuthorization() for the cookie to be correctly set and validated on subsequent requests.
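The single failure message described under Response fields makes the response body identical for an unknown email and a wrong password. The added C# example below (not the project's AuthenticateUser code) shows the companion measure of doing the same hashing work on both failure paths, so response time does not distinguish them either. DemoAuthenticator, its AuthResult record, the work factor and the sample accounts are constructed for illustration, and PBKDF2 from the .NET base library stands in for the BCrypt hasher the page mentions.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

// Added example, not the project's AuthenticateUser. PBKDF2 from the .NET base
// library stands in for BCrypt so the file needs no NuGet package.
var auth = new DemoAuthenticator();
auth.Register("ana@example.test", "correct horse");            // constructed account
Console.WriteLine(auth.Authenticate("ana@example.test", "correct horse")); // valid credentials
Console.WriteLine(auth.Authenticate("ana@example.test", "wrong"));         // known e-mail, wrong password
Console.WriteLine(auth.Authenticate("nobody@example.test", "wrong"));      // unknown e-mail

public sealed record AuthResult(bool Success, string? Error)    // stand-in shape (assumption)
{
    public static AuthResult Ok() => new(true, null);
    public static AuthResult Fail(string error) => new(false, error);
}

public sealed class DemoAuthenticator
{
    private const string GenericError = "Credenciales incorrectas.";
    private const int Iterations = 210_000;                     // assumed work factor
    private readonly Dictionary<string, (byte[] Salt, byte[] Hash)> _users =
        new(StringComparer.OrdinalIgnoreCase);
    // Decoy record hashed for unknown e-mails so both failure paths do the same work.
    private readonly (byte[] Salt, byte[] Hash) _decoy =
        Derive(Convert.ToHexString(RandomNumberGenerator.GetBytes(32)));

    public void Register(string email, string password) => _users[email] = Derive(password);

    public AuthResult Authenticate(string email, string password)
    {
        bool known = _users.TryGetValue(email, out var stored);
        var record = known ? stored : _decoy;                   // always derive exactly once
        byte[] candidate = Rfc2898DeriveBytes.Pbkdf2(
            password, record.Salt, Iterations, HashAlgorithmName.SHA256, 32);
        bool match = CryptographicOperations.FixedTimeEquals(candidate, record.Hash);
        // One message for both failure causes, as the endpoint documents.
        return known & match ? AuthResult.Ok() : AuthResult.Fail(GenericError);
    }

    private static (byte[] Salt, byte[] Hash) Derive(string password)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(16);
        return (salt, Rfc2898DeriveBytes.Pbkdf2(
            password, salt, Iterations, HashAlgorithmName.SHA256, 32));
    }
}
```

The static Rfc2898DeriveBytes.Pbkdf2 and RandomNumberGenerator.GetBytes calls require .NET 6 or later.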