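/// <summary>
/// Checks the supplied credentials against the <c>users</c> table and, on success, creates a session.
/// </summary>
/// <param name="request">Login payload; its <c>UserID</c> and <c>Password</c> are read.</param>
/// <returns>A <see cref="LoginResponse"/> whose <c>SessionID</c> is that of the newly created session.</returns>
/// <exception cref="WebApiException">
/// Status 401 when the request or a credential is missing, no stored hash is found for the user,
/// or the stored hash differs from the hash of the supplied password.
/// </exception>
public LoginResponse Login(LoginRequest request)
{
    // A missing request or credential gets the same generic 401 as a wrong password, so the
    // caller sees an authentication failure instead of an unhandled NullReferenceException.
    if (request?.UserID == null || request.Password == null)
    {
        throw new WebApiException(401, "Invalid username or password.");
    }

    // Normalize once so the lookup key and the session key can never diverge.
    // NOTE(review): ToLower() uses the current culture; ToLowerInvariant() would make the result
    // independent of server locale. Confirm how stored usernames were normalized before switching.
    string userName = request.UserID.ToLower();

    // NOTE(security): a single unsalted SHA-512 pass is cheap to brute-force if the users table
    // leaks. Moving to a salted, slow KDF (for example PBKDF2 via Rfc2898DeriveBytes) requires
    // migrating the stored hashes, so it is flagged here rather than changed.
    // The hash is computed before the lookup, so this work is done whether or not the user exists.
    string passwordHash;
    using (var sha = new SHA512Managed())
    {
        // The hash object is IDisposable; release it as soon as the digest is produced.
        passwordHash = EncodeBase64(sha.ComputeHash(request.Password.EncodeUTF8()));
    }

    string dbHash;
    using (var cmd = _connection.CreateCommand())
    {
        // The user name is bound as a parameter, never concatenated into the SQL text.
        cmd.CommandText = "SELECT password_hash FROM users WHERE username = @userName";
        cmd.Parameters.AddWithValue("@userName", NpgsqlDbType.Text, userName.IfNullThenDBNull());

        // ExecuteScalar returns null when no row matches and DBNull.Value when the column is NULL.
        // 'as string' maps both to null, where a direct cast would throw on DBNull.
        dbHash = cmd.ExecuteScalar() as string;
    }

    // A null dbHash (unknown user or empty column) can never equal the computed hash, so unknown
    // users and wrong passwords share one error message.
    // NOTE(review): this string comparison is not constant-time; consider comparing the decoded
    // bytes with CryptographicOperations.FixedTimeEquals where the target framework provides it.
    if (dbHash != passwordHash)
    {
        throw new WebApiException(401, "Invalid username or password.");
    }

    var session = _cache.CreateSession(userName);
    return new LoginResponse { SessionID = session.SessionID };
}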