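/// <summary>
/// Hashes the supplied password with the stored salt, compares the result with the
/// stored password hash and, on a match, flags the current session as authenticated.
/// </summary>
/// <param name="password">Candidate password submitted by the caller.</param>
/// <returns>
/// <c>true</c> when the computed hash matches the stored hash; <c>false</c> when it does
/// not match or when the hash could not be computed.
/// </returns>
public static bool TryToAuthenticate(string password)
{
    var settings = Database.Instance.GetSettings();

    string hash;
    try
    {
        hash = Password.ComputeHash(password, settings.PasswordSalt);
    }
    catch (Exception)
    {
        // Fail closed. Previously a hashing failure left the candidate hash as an empty
        // string and still ran the comparison, so an empty stored hash would have
        // compared equal and granted access.
        return false;
    }

    // NOTE(review): confirm Password.AreEqual compares in constant time; it is defined outside this block.
    if (!Password.AreEqual(settings.PasswordHash, hash))
    {
        return false;
    }

    // NOTE(review): the session identifier is not rotated here; confirm the caller or
    // framework issues a fresh session on login so a pre-login session id is not reused.
    HttpContext.Current.Session[AUTHENTICATED] = true;
    return true;
}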
/// <summary>
/// Checks that Password.ComputeHash is repeatable for a fixed password and salt, that
/// every hash has the expected length, and that a different password does not compare
/// equal under Password.AreEqual.
/// </summary>
public void PasswordHashingTest()
{
    // Presumably the hash is hex-encoded (two characters per byte) - confirm against Password.ComputeHash.
    var expectedLength = Password.PASSWORD_HASH_SIZE * 2;
    const string salt = "73a7b6dc8d1d75a0352c3ba917266afa";
    const string password = "******";

    // Three hashes of the same input, plus one of a password that differs by a suffix.
    var sameInput = new[]
    {
        Password.ComputeHash(password, salt),
        Password.ComputeHash(password, salt),
        Password.ComputeHash(password, salt),
    };
    var otherInput = Password.ComputeHash(password + "5", salt);

    foreach (var candidate in sameInput)
    {
        Assert.IsTrue(candidate.Length == expectedLength);
    }
    Assert.IsTrue(otherInput.Length == expectedLength);

    // Same password and salt: every pair must compare equal.
    for (var left = 0; left < sameInput.Length; left++)
    {
        for (var right = left + 1; right < sameInput.Length; right++)
        {
            Assert.IsTrue(Password.AreEqual(sameInput[left], sameInput[right]));
        }
    }

    // Different password, same salt: no hash may compare equal.
    foreach (var candidate in sameInput)
    {
        Assert.IsFalse(Password.AreEqual(candidate, otherInput));
    }
}