/// <summary>
/// Builds a new, unsaved <see cref="UserSessions"/> for the given user id: a freshly generated
/// random token, AES-encrypted with a key made of the current local time plus the
/// ENCRYPT_LINK_KEY app setting, and a double-submit session cookie (a new GUID) encrypted
/// with the plaintext token plus that same app setting, reusing the token's salt.
/// </summary>
/// <param name="id">User id stored on the session.</param>
/// <param name="user">Login model of the user; not read by this method.</param>
/// <returns>A session whose auth and hard-absolute expirations are both 12 hours from now (UTC).</returns>
public UserSessions CreateNewUserSession(int id, LoginModel user)
{
    const int sessionLifetimeMinutes = 12 * 60;

    // Plaintext token (guids...); only its encrypted form is stored on the session.
    string plainToken = CreateRandomToken();
    string salt = string.Empty;
    string secret = ConfigurationManager.AppSettings["ENCRYPT_LINK_KEY"];

    // NOTE(review): the token key mixes the local wall-clock time (DateTime.Now, current-culture
    // formatted) with the configured secret; the timestamp is not persisted, so this key cannot be
    // rebuilt later — confirm nothing downstream expects to decrypt AuthToken.
    string tokenKey = $"{DateTime.Now}{secret}";
    string encryptedToken = AesEncryptionHelper.Encrypt(plainToken, tokenKey, ref salt);

    // The cookie is keyed on the plaintext token and reuses the salt the helper filled in above.
    string cookieKey = $"{plainToken}:{secret}";
    string doubleSubmitCookie = AesEncryptionHelper.Encrypt(Guid.NewGuid().ToString(), cookieKey, ref salt);

    DateTime authExpiration = DateTime.UtcNow.AddMinutes(sessionLifetimeMinutes);
    DateTime hardExpiration = DateTime.UtcNow.AddMinutes(sessionLifetimeMinutes);

    return new UserSessions
    {
        UserId = id,
        // The token may later be placed in a URL, so store it in the URL-safe base64 alphabet.
        AuthToken = encryptedToken.Base64ToBase64URL(),
        AuthExpiration = authExpiration,
        IsExpired = false,
        HardAbsoluteExpirationTime = hardExpiration,
        AuthTokenSalt = salt,
        AuthDoubleSubmitSessionIdCookie = doubleSubmitCookie,
    };
}
/// <summary>
/// Encrypting a short plaintext with an <see cref="AesEncryptionHelper"/> configured from
/// <c>DefaultKey</c> yields a non-null, non-empty ciphertext.
/// </summary>
public void Encryption_With_Text_Success()
{
    // Arrange
    IAesEncryptionHelper helper = CreateHelper();

    // Act
    var ciphertext = helper.Encrypt("aesEncrypt");

    // Assert
    Assert.NotNull(ciphertext);
    Assert.NotEmpty(ciphertext);

    // Builds the helper under test from the shared test key.
    IAesEncryptionHelper CreateHelper()
    {
        var configuration = new EncryptionConfiguration(DefaultKey);
        return new AesEncryptionHelper(configuration);
    }
}