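/// <summary>
/// Checks the password posted with the login form against the configured
/// diagnostics password and, when they match, creates a new session.
/// </summary>
/// <param name="context">Current request context; the submitted password is read from <c>Request.Form.Password</c>.</param>
/// <param name="diagnosticsConfiguration">Configuration that holds the expected password.</param>
/// <param name="serializer">Not referenced by this method.</param>
/// <returns>
/// A session holding a fresh salt, the salted hash of the password and an expiry
/// time, or <c>null</c> when the password is missing or does not match.
/// </returns>
private static DiagnosticsSession ProcessLogin(NancyContext context, DiagnosticsConfiguration diagnosticsConfiguration, DefaultObjectSerializer serializer)
{
    string password = context.Request.Form.Password;
    string expected = diagnosticsConfiguration.Password;

    // A missing value on either side must never authenticate: with the plain
    // string.Equals check, two nulls compared as equal and the login carried on.
    if (password == null || expected == null)
    {
        return null;
    }

    // Ordinal comparison that does not stop at the first differing character,
    // so response time does not reveal how much of a guess was correct.
    // Only the length relationship can still influence the timing.
    int difference = password.Length ^ expected.Length;
    int comparable = Math.Min(password.Length, expected.Length);
    for (int i = 0; i < comparable; i++)
    {
        difference |= password[i] ^ expected[i];
    }

    if (difference != 0)
    {
        return null;
    }

    var salt = DiagnosticsSession.GenerateRandomSalt();
    var hash = DiagnosticsSession.GenerateSaltedHash(password, salt);

    // NOTE(review): Expiry is taken from the local clock (DateTime.Now); the code
    // that checks it is not visible here and must use the same clock. Confirm
    // before switching either side to UTC.
    var session = new DiagnosticsSession
    {
        Hash = hash,
        Salt = salt,
        Expiry = DateTime.Now.AddMinutes(DiagnosticsSessionTimeoutMinutes),
    };

    return session;
}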
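/// <summary>
/// Verifies that a session was issued for the currently configured password by
/// recomputing the salted hash from <paramref name="realPassword"/> and the
/// session's salt and comparing it with the hash stored in the session.
/// </summary>
/// <param name="session">Session to verify; its <c>Salt</c> and <c>Hash</c> are read.</param>
/// <param name="realPassword">The password the session hash is expected to be derived from.</param>
/// <returns><c>true</c> when the recomputed hash equals the stored hash; otherwise <c>false</c>.</returns>
private static bool SessionPasswordValid(DiagnosticsSession session, string realPassword)
{
    // A session without a stored hash cannot be valid; report that instead of
    // failing with a null dereference further down.
    if (session == null || session.Hash == null)
    {
        return false;
    }

    var stored = session.Hash;
    var recomputed = DiagnosticsSession.GenerateSaltedHash(realPassword, session.Salt);

    if (recomputed.Length != stored.Length)
    {
        return false;
    }

    // Accumulate differences over the whole hash rather than returning at the
    // first mismatch (as SequenceEqual does), so comparison time does not
    // depend on how many leading elements of a presented hash are correct.
    int difference = 0;
    for (int i = 0; i < recomputed.Length; i++)
    {
        difference |= recomputed[i] ^ stored[i];
    }

    return difference == 0;
}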