UserContextHash

From
Revision as of 08:26, 15 January 2020 by 99.244.72.184 (talk) (Created page with " The UserContextHash is used to validate the identity of a user or a source system in order to provide STS with secure validation. It’s a SHA256 hash that is generated in t...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

The UserContextHash is used to validate the identity of a user or a source system in order to provide STS with secure validation.

It’s a SHA256 hash that is generated in the following manner by concatenating three strings:

Hash = UserContextTimeDate + UserContextID + secret key

The secret key being a value that is specific for the user (stored in a directory) or specific to the STS (defined in the web.config).

 

private bool ValidateHash(string strUsername, string strTimeDate, string strSecret, string strHash)

{ // deal with base64 encoded hashes -> this is what we expect from the HIS submissions

// byte array conversions add "-" to the string

strHash = strHash.Replace("-", "");

strHash = strHash.Replace(" ", "");

string compareHash = generate_sha256hash(strTimeDate + strUsername + strSecret);

compareHash = compareHash.Replace("-", "");

strHash = strHash.Replace("-", "");

if (strHash.ToLower() == compareHash.ToLower())

{ Log("Hash value confirmed for user " + strUsername + ".", Log.LogLevel.Info);

return true; }

return false; }