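/// <summary>
/// Checks a username/password pair against the stored user record and saves an
/// <c>AuthenticationAttempt</c> audit row for every call, whether it succeeds or fails.
/// </summary>
/// <remarks>
/// This method performs no throttling or lockout itself; the audit rows it writes
/// (username, client IP, outcome, UTC time) are the only brute-force signal visible here.
/// </remarks>
/// <param name="Username">Login name as submitted; compared with <c>==</c> against the stored username.</param>
/// <param name="Password">Candidate password, verified against the user's stored salt and hash.</param>
/// <param name="clientIP">Caller address recorded on the audit row; must not be null (<c>ToString()</c> is called on it).</param>
/// <returns>
/// A result whose <c>User</c> is mapped only when authentication succeeded. On failure
/// <c>ErrorMessage</c> is set and <c>User</c> is left at its default.
/// </returns>
public AuthenticationResultDto AttemptAuthentication(string Username, string Password, System.Net.IPAddress clientIP)
{
    // A single message for "unknown user" and "wrong password": distinct messages let
    // anyone who can read ErrorMessage find out which usernames exist.
    const string InvalidCredentialsMessage = "Invalid username or password";

    AuthenticationResultDto result = new AuthenticationResultDto();
    bool success = false;

    var user = _userRepository.GetQuery().Where(x => x.Username == Username).FirstOrDefault();

    // NOTE(review): the helper name indicates a salted SHA-256 digest. A single fast hash is
    // weak for password storage; moving to PBKDF2/Argon2 needs a stored-hash migration and is
    // out of scope for this method. Also confirm the helper compares digests in fixed time.
    // NOTE(review): no hash is computed for an unknown username, so response time can still
    // differ between known and unknown accounts.
    bool passwordMatches = user != null
        && _cipherService.SHA256HashMatches(Password, user.Salt, user.PasswordHash);

    if (!passwordMatches)
    {
        result.ErrorMessage = InvalidCredentialsMessage;
    }
    else if (user.DeactivatedAt != null)
    {
        // The inactive notice is shown only after the password has been verified, so the
        // account's status is not disclosed to a caller who does not hold the credentials.
        result.ErrorMessage = "This user account is inactive. Contact an administrator.";
    }
    else
    {
        success = true;
    }

    // Username is stored exactly as submitted; anything reading the audit table should
    // treat it as untrusted input.
    _nhSession.Save(new AuthenticationAttempt()
    {
        OccurredAt = DateTime.UtcNow,
        Username = Username,
        WasSuccessful = success,
        ClientIP = clientIP.ToString()
    });

    // Map the user only on success. A failed attempt must not hand the account's DTO back
    // to the caller, who might read a non-null User as "authenticated".
    if (success)
    {
        result.User = _mapper.Map<User, UserDto>(user);
    }

    return result;
}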