Beispiel #1
0
        private static void AddUpdateSessionCookie(DiagnosticsSession session, NancyContext context, DiagnosticsConfiguration diagnosticsConfiguration, DefaultObjectSerializer serializer)
        {
            if (context.Response == null)
            {
                return;
            }

            session.Expiry = DateTime.Now.AddMinutes(DiagnosticsSessionTimeoutMinutes);
            var serializedSession = serializer.Serialize(session);

            var encryptedSession = diagnosticsConfiguration.CryptographyConfiguration.EncryptionProvider.Encrypt(serializedSession);
            var hmacBytes        = diagnosticsConfiguration.CryptographyConfiguration.HmacProvider.GenerateHmac(encryptedSession);
            var hmacString       = Convert.ToBase64String(hmacBytes);

            var cookie = new NancyCookie(DiagsCookieName, String.Format("{1}{0}", encryptedSession, hmacString), true);

            context.Response.AddCookie(cookie);
        }
        private string GetSessionCookieValue(string password, DateTime? expiry = null)
        {
            var salt = DiagnosticsSession.GenerateRandomSalt();
            var hash = DiagnosticsSession.GenerateSaltedHash(password, salt);
            var session = new DiagnosticsSession
                {
                    Hash = hash,
                    Salt = salt,
                    Expiry = expiry.HasValue ? expiry.Value : DateTime.Now.AddMinutes(15),
                };

            var serializedSession = this.objectSerializer.Serialize(session);

            var encryptedSession = this.cryptoConfig.EncryptionProvider.Encrypt(serializedSession);
            var hmacBytes = this.cryptoConfig.HmacProvider.GenerateHmac(encryptedSession);
            var hmacString = Convert.ToBase64String(hmacBytes);

            return String.Format("{1}{0}", encryptedSession, hmacString);
        }
Beispiel #3
0
        private static DiagnosticsSession ProcessLogin(NancyContext context, DiagnosticsConfiguration diagnosticsConfiguration, DefaultObjectSerializer serializer)
        {
            string password = context.Request.Form.Password;

            if (!string.Equals(password, diagnosticsConfiguration.Password, StringComparison.Ordinal))
            {
                return(null);
            }

            var salt    = DiagnosticsSession.GenerateRandomSalt();
            var hash    = DiagnosticsSession.GenerateSaltedHash(password, salt);
            var session = new DiagnosticsSession
            {
                Hash   = hash,
                Salt   = salt,
                Expiry = DateTime.Now.AddMinutes(DiagnosticsSessionTimeoutMinutes),
            };

            return(session);
        }
Beispiel #4
0
        private static bool SessionPasswordValid(DiagnosticsSession session, string realPassword)
        {
            var newHash = DiagnosticsSession.GenerateSaltedHash(realPassword, session.Salt);

            return(newHash.Length == session.Hash.Length && newHash.SequenceEqual(session.Hash));
        }
Beispiel #5
0
        private static DiagnosticsSession ProcessLogin(NancyContext context, DiagnosticsConfiguration diagnosticsConfiguration, DefaultObjectSerializer serializer)
        {
            string password = context.Request.Form.Password;

            if (!string.Equals(password, diagnosticsConfiguration.Password, StringComparison.Ordinal))
            {
                return null;
            }

            var salt = DiagnosticsSession.GenerateRandomSalt();
            var hash = DiagnosticsSession.GenerateSaltedHash(password, salt);
            var session = new DiagnosticsSession
            {
                Hash = hash,
                Salt = salt,
                Expiry = DateTime.Now.AddMinutes(diagnosticsConfiguration.SlidingTimeout)
            };

            return session;
        }
Beispiel #6
0
        private static bool SessionPasswordValid(DiagnosticsSession session, string realPassword)
        {
            var newHash = DiagnosticsSession.GenerateSaltedHash(realPassword, session.Salt);

            return (newHash.Length == session.Hash.Length && newHash.SequenceEqual(session.Hash));
        }
Beispiel #7
0
        private static void AddUpdateSessionCookie(DiagnosticsSession session, NancyContext context, DiagnosticsConfiguration diagnosticsConfiguration, DefaultObjectSerializer serializer)
        {
            if (context.Response == null)
            {
                return;
            }

            session.Expiry = DateTime.Now.AddMinutes(diagnosticsConfiguration.SlidingTimeout);
            var serializedSession = serializer.Serialize(session);

            var encryptedSession = diagnosticsConfiguration.CryptographyConfiguration.EncryptionProvider.Encrypt(serializedSession);
            var hmacBytes = diagnosticsConfiguration.CryptographyConfiguration.HmacProvider.GenerateHmac(encryptedSession);
            var hmacString = Convert.ToBase64String(hmacBytes);

            var cookie = new NancyCookie(diagnosticsConfiguration.CookieName, String.Format("{1}{0}", encryptedSession, hmacString), true);

            context.Response.AddCookie(cookie);
        }