private bool ValidateUser(User user, string password)
        {
            if (user == null)
            {
                return false;
            }

            return this.CreateHash(password, user.Nonce) == user.Password;
        }
        public MembershipCreateStatus CreateUser(string firstName, string lastName, 
            string password, string email)
        {
            if (String.IsNullOrEmpty(firstName)) throw new ArgumentException("Value cannot be null or empty.", "firstName");
            if (String.IsNullOrEmpty(lastName)) throw new ArgumentException("Value cannot be null or empty.", "lastName");
            if (String.IsNullOrEmpty(password)) throw new ArgumentException("Value cannot be null or empty.", "password");
            if (String.IsNullOrEmpty(email)) throw new ArgumentException("Value cannot be null or empty.", "email");

            var user = new User();
            user.Email = email;
            user.FirstName = firstName;
            user.LastName = lastName;
            user.Nonce = this.CreateNonce();
            user.Password = this.CreateHash(password, user.Nonce);
            user.Role = _Session.QueryOver<Role>().Where(x => x.RoleName == "UserRole").SingleOrDefault();
            _Session.Save(user);

            return MembershipCreateStatus.Success;
        }