/// <summary>
/// Resets the session's expiry and writes the session to the response as a cookie.
/// </summary>
/// <remarks>
/// The session is serialized, then encrypted, and the HMAC is generated over the
/// encrypted value (not the plaintext). The cookie value is the Base64 HMAC followed
/// by the encrypted session. Nothing is written when the context has no response.
/// </remarks>
/// <param name="session">Session to refresh and persist; its Expiry is overwritten.</param>
/// <param name="context">Current request context; the cookie is added to its Response.</param>
/// <param name="diagnosticsConfiguration">Supplies the encryption and HMAC providers.</param>
/// <param name="serializer">Serializer used to turn the session into text before encryption.</param>
private static void AddUpdateSessionCookie(DiagnosticsSession session, NancyContext context, DiagnosticsConfiguration diagnosticsConfiguration, DefaultObjectSerializer serializer)
{
    // Without a response there is nowhere to attach the cookie.
    if (context.Response == null)
    {
        return;
    }

    // Every call moves the deadline forward from the current local time.
    // NOTE(review): DateTime.Now is local time; whatever checks Expiry must use the same clock - confirm.
    session.Expiry = DateTime.Now.AddMinutes(DiagnosticsSessionTimeoutMinutes);

    var payload = serializer.Serialize(session);

    var crypto = diagnosticsConfiguration.CryptographyConfiguration;
    var protectedPayload = crypto.EncryptionProvider.Encrypt(payload);
    var macText = Convert.ToBase64String(crypto.HmacProvider.GenerateHmac(protectedPayload));

    // "{1}{0}" emits the Base64 HMAC first and the encrypted session after it.
    var cookieValue = String.Format("{1}{0}", protectedPayload, macText);

    // NOTE(review): the trailing 'true' is presumably the httpOnly flag; no Secure flag is
    // passed here, so confirm the diagnostics endpoint is only reachable over TLS.
    var sessionCookie = new NancyCookie(DiagsCookieName, cookieValue, true);
    context.Response.AddCookie(sessionCookie);
}
/// <summary>
/// Builds a session cookie value for the given password: the Base64 HMAC followed by
/// the encrypted, serialized session.
/// </summary>
/// <param name="password">Password that is salted and hashed into the session.</param>
/// <param name="expiry">
/// Expiry to store in the session; when omitted, 15 minutes from the current local time.
/// </param>
/// <returns>The cookie value string (HMAC first, encrypted session second).</returns>
private string GetSessionCookieValue(string password, DateTime? expiry = null)
{
    // A fresh random salt is generated per session, so the stored hash differs each time.
    var sessionSalt = DiagnosticsSession.GenerateRandomSalt();
    var sessionHash = DiagnosticsSession.GenerateSaltedHash(password, sessionSalt);

    var session = new DiagnosticsSession
    {
        Hash = sessionHash,
        Salt = sessionSalt,
        Expiry = expiry ?? DateTime.Now.AddMinutes(15),
    };

    var payload = this.objectSerializer.Serialize(session);

    // The HMAC is generated over the encrypted value, not over the plaintext session.
    var protectedPayload = this.cryptoConfig.EncryptionProvider.Encrypt(payload);
    var macText = Convert.ToBase64String(this.cryptoConfig.HmacProvider.GenerateHmac(protectedPayload));

    // "{1}{0}" emits the Base64 HMAC first and the encrypted session after it.
    return String.Format("{1}{0}", protectedPayload, macText);
}
/// <summary>
/// Checks the password posted in the request form against the configured diagnostics
/// password and, on a match, creates a new session for it.
/// </summary>
/// <param name="context">Current request context; the password is read from Request.Form.Password.</param>
/// <param name="diagnosticsConfiguration">Holds the configured diagnostics password.</param>
/// <param name="serializer">Not used by this method.</param>
/// <returns>
/// A new session carrying a fresh salt, the salted hash of the password and an expiry of
/// DiagnosticsSessionTimeoutMinutes from the current local time; null when the passwords differ.
/// </returns>
private static DiagnosticsSession ProcessLogin(NancyContext context, DiagnosticsConfiguration diagnosticsConfiguration, DefaultObjectSerializer serializer)
{
    string submitted = context.Request.Form.Password;

    // NOTE(review): string.Equals is not guaranteed to run in constant time. This compares a
    // secret against request input, so prefer a fixed-time comparison where the target
    // framework offers one, and confirm that login attempts are rate limited elsewhere.
    bool passwordMatches = string.Equals(submitted, diagnosticsConfiguration.Password, StringComparison.Ordinal);
    if (!passwordMatches)
    {
        return null;
    }

    // The session stores a salted hash of the password rather than the password itself.
    var sessionSalt = DiagnosticsSession.GenerateRandomSalt();
    var sessionHash = DiagnosticsSession.GenerateSaltedHash(submitted, sessionSalt);

    return new DiagnosticsSession
    {
        Hash = sessionHash,
        Salt = sessionSalt,
        Expiry = DateTime.Now.AddMinutes(DiagnosticsSessionTimeoutMinutes),
    };
}
/// <summary>
/// Recomputes the salted hash of the real password with the session's salt and checks
/// that it equals the hash stored in the session.
/// </summary>
/// <param name="session">Session whose Salt and Hash are checked.</param>
/// <param name="realPassword">The password the session is expected to have been created with.</param>
/// <returns>True when both hashes have the same length and the same elements in order.</returns>
private static bool SessionPasswordValid(DiagnosticsSession session, string realPassword)
{
    var expectedHash = DiagnosticsSession.GenerateSaltedHash(realPassword, session.Salt);
    var storedHash = session.Hash;

    if (expectedHash.Length != storedHash.Length)
    {
        return false;
    }

    // NOTE(review): SequenceEqual stops at the first mismatch. Presumably the cookie's HMAC
    // is verified before the session reaches this check - confirm against the caller; if it
    // is not, use a fixed-time comparison here.
    return expectedHash.SequenceEqual(storedHash);
}
/// <summary>
/// Checks the password posted in the request form against the configured diagnostics
/// password and, on a match, creates a new session for it.
/// </summary>
/// <param name="context">Current request context; the password is read from Request.Form.Password.</param>
/// <param name="diagnosticsConfiguration">Holds the configured password and the sliding timeout in minutes.</param>
/// <param name="serializer">Not used by this method.</param>
/// <returns>
/// A new session carrying a fresh salt, the salted hash of the password and an expiry of
/// SlidingTimeout minutes from the current local time; null when the passwords differ.
/// </returns>
private static DiagnosticsSession ProcessLogin(NancyContext context, DiagnosticsConfiguration diagnosticsConfiguration, DefaultObjectSerializer serializer)
{
    string submitted = context.Request.Form.Password;

    // NOTE(review): string.Equals is not guaranteed to run in constant time. This compares a
    // secret against request input, so prefer a fixed-time comparison where the target
    // framework offers one, and confirm that login attempts are rate limited elsewhere.
    bool passwordMatches = string.Equals(submitted, diagnosticsConfiguration.Password, StringComparison.Ordinal);
    if (!passwordMatches)
    {
        return null;
    }

    // The session stores a salted hash of the password rather than the password itself.
    var sessionSalt = DiagnosticsSession.GenerateRandomSalt();
    var sessionHash = DiagnosticsSession.GenerateSaltedHash(submitted, sessionSalt);

    return new DiagnosticsSession
    {
        Hash = sessionHash,
        Salt = sessionSalt,
        Expiry = DateTime.Now.AddMinutes(diagnosticsConfiguration.SlidingTimeout)
    };
}
/// <summary>
/// Recomputes the salted hash of the real password with the session's salt and checks
/// that it equals the hash stored in the session.
/// </summary>
/// <param name="session">Session whose Salt and Hash are checked.</param>
/// <param name="realPassword">The password the session is expected to have been created with.</param>
/// <returns>True when both hashes have the same length and the same elements in order.</returns>
private static bool SessionPasswordValid(DiagnosticsSession session, string realPassword)
{
    var expectedHash = DiagnosticsSession.GenerateSaltedHash(realPassword, session.Salt);
    var storedHash = session.Hash;

    // A length mismatch already proves the hashes differ.
    if (expectedHash.Length != storedHash.Length)
    {
        return false;
    }

    // NOTE(review): SequenceEqual stops at the first mismatch. Presumably the cookie's HMAC
    // is verified before the session reaches this check - confirm against the caller; if it
    // is not, use a fixed-time comparison here.
    return expectedHash.SequenceEqual(storedHash);
}
/// <summary>
/// Resets the session's expiry and writes the session to the response as a cookie.
/// </summary>
/// <remarks>
/// The session is serialized, then encrypted, and the HMAC is generated over the
/// encrypted value (not the plaintext). The cookie value is the Base64 HMAC followed
/// by the encrypted session. Nothing is written when the context has no response.
/// </remarks>
/// <param name="session">Session to refresh and persist; its Expiry is overwritten.</param>
/// <param name="context">Current request context; the cookie is added to its Response.</param>
/// <param name="diagnosticsConfiguration">
/// Supplies the sliding timeout in minutes, the cookie name and the encryption and HMAC providers.
/// </param>
/// <param name="serializer">Serializer used to turn the session into text before encryption.</param>
private static void AddUpdateSessionCookie(DiagnosticsSession session, NancyContext context, DiagnosticsConfiguration diagnosticsConfiguration, DefaultObjectSerializer serializer)
{
    // Without a response there is nowhere to attach the cookie.
    if (context.Response == null)
    {
        return;
    }

    // Sliding expiry: every call moves the deadline forward from the current local time.
    // NOTE(review): DateTime.Now is local time; whatever checks Expiry must use the same clock - confirm.
    session.Expiry = DateTime.Now.AddMinutes(diagnosticsConfiguration.SlidingTimeout);

    var payload = serializer.Serialize(session);

    var crypto = diagnosticsConfiguration.CryptographyConfiguration;
    var protectedPayload = crypto.EncryptionProvider.Encrypt(payload);
    var macText = Convert.ToBase64String(crypto.HmacProvider.GenerateHmac(protectedPayload));

    var cookieName = diagnosticsConfiguration.CookieName;

    // "{1}{0}" emits the Base64 HMAC first and the encrypted session after it.
    var cookieValue = String.Format("{1}{0}", protectedPayload, macText);

    // NOTE(review): the trailing 'true' is presumably the httpOnly flag; no Secure flag is
    // passed here, so confirm the diagnostics endpoint is only reachable over TLS.
    var sessionCookie = new NancyCookie(cookieName, cookieValue, true);
    context.Response.AddCookie(sessionCookie);
}