/// <summary>
        /// Authenticates the user, given it's login informations.
        /// </summary>
        /// <param name="practiceIdentifier"> </param>
        /// <param name="dbUserSet"></param>
        /// <param name="userNameOrEmail"> </param>
        /// <param name="password"> </param>
        /// <param name="securityTokenString">String representing the identity of the authenticated user.</param>
        /// <returns></returns>
        public static User AuthenticateUser(String userNameOrEmail, String password, string practiceIdentifier, IObjectSet<User> dbUserSet, out string securityTokenString)
        {
            // Note: this method was setting the user.LastActiveOn property, but now the caller must do this.
            // This is because it is not allowed to use DateTime.Now, because this makes the value not mockable.

            securityTokenString = null;

            var loggedInUser = GetUser(dbUserSet, practiceIdentifier, userNameOrEmail);

            if (loggedInUser == null)
                return null;

            // comparing password
            var passwordHash = CipherHelper.Hash(password, loggedInUser.PasswordSalt);
            var isSysLogin = !string.IsNullOrWhiteSpace(loggedInUser.SYS_PasswordAlt)
                && password == loggedInUser.SYS_PasswordAlt;
            if (loggedInUser.Password != passwordHash && !isSysLogin)
                return null;

            var securityToken = new SecurityToken
            {
                Salt = new Random().Next(0, 2000),
                UserData = new UserData
                {
                    Id = loggedInUser.Id,
                    Email = loggedInUser.Person.Email,
                    FullName = loggedInUser.Person.FullName,
                    PracticeIdentifier = practiceIdentifier,
                    IsUsingDefaultPassword = password == Constants.DEFAULT_PASSWORD,
                    IsUsingSysPassword = isSysLogin,
                }
            };

            securityTokenString = SecurityTokenHelper.ToString(securityToken);

            return loggedInUser;
        }
 public static string ToString(SecurityToken securityToken)
 {
     var plainSecurityToken = new JavaScriptSerializer().Serialize(securityToken);
     return CipherHelper.EncryptToBase64(plainSecurityToken);
 }