AdventureWorks.WebServices.Controllers.IdentityController.GetIsValid C# (CSharp) Метод

        public UserInfo GetIsValid(string id, string requestId, string passwordHash)
        {
            byte[] challenge = null;
            if (requestId != null && ChallengeCache.Contains(requestId))
            {
                // Retrieve the saved challenge bytes
                challenge = (byte[])ChallengeCache[requestId];
                // Delete saved challenge (each challenge is used just one time).
                ChallengeCache.Remove(requestId);
            }

            lock (Identities)
            {
                // Check that credentials are valid.
                if (challenge != null && id != null && passwordHash != null && Identities.ContainsKey(id))
                {
                    // Compute hash for the previously issued challenge string using the password from the server's credentials store as the key.
                    var serverPassword = Encoding.UTF8.GetBytes(Identities[id]);
                    using (var provider = new HMACSHA512(serverPassword))
                    {
                        var serverHashBytes = provider.ComputeHash(challenge);
                        // Authentication succeeds only if client and server have computed the same hash for the challenge string.
                        var clientHashBytes = DecodeFromHexString(passwordHash);
                        if (!serverHashBytes.SequenceEqual(clientHashBytes))
                            throw new HttpResponseException(HttpStatusCode.Unauthorized);
                    }

                    if (HttpContext.Current != null)
                        FormsAuthentication.SetAuthCookie(id, false);
                    return new UserInfo { UserName = id };
                }
                else
                {
                    throw new HttpResponseException(HttpStatusCode.Unauthorized);
                }
            }
        }
        // GET /api/Identity/GetIsValidSession

        public void ValidateUserNameValidPassword()
        {
            var controller = new IdentityController();

            // 1- Get a random password challenge string from the web service.
            const string requestId = "ec609a4f";
            var challengeString = controller.GetPasswordChallenge(requestId);
            Assert.IsFalse(string.IsNullOrEmpty(challengeString));

            // 2 - Hash the challenge string with the correct password and ask the web service to validate the hash.
            var result = controller.GetIsValid("JohnDoe", requestId, CreatePasswordHash("pwd", challengeString));

            // 3- Verify that credentials were validated.
            Assert.IsNotNull(result);
            Assert.AreEqual(result.UserName, "JohnDoe");
        }