private static DiagnosticsSession ProcessLogin(NancyContext context, DiagnosticsConfiguration diagnosticsConfiguration, DefaultObjectSerializer serializer)
{
string password = context.Request.Form.Password;
if (!string.Equals(password, diagnosticsConfiguration.Password, StringComparison.Ordinal))
{
return(null);
}
var salt = DiagnosticsSession.GenerateRandomSalt();
var hash = DiagnosticsSession.GenerateSaltedHash(password, salt);
var session = new DiagnosticsSession
{
Hash = hash,
Salt = salt,
Expiry = DateTime.Now.AddMinutes(DiagnosticsSessionTimeoutMinutes),
};
return(session);
}
private static bool SessionPasswordValid(DiagnosticsSession session, string realPassword)
{
var newHash = DiagnosticsSession.GenerateSaltedHash(realPassword, session.Salt);
return(newHash.Length == session.Hash.Length && newHash.SequenceEqual(session.Hash));
}
