public ActionResult Create(User user)
 {
     if (ModelState.IsValid) {
         userRepository.Insert(user);
         userRepository.Save();
         return RedirectToAction("Index");
     } else {
         return View();
     }
 }
        public void Register(string username, string password, string email)
        {
            /*
                registration means:
                1) check for existing username/emails in repository
                2) create entry in repository in disabled state
                3) send message to new user's email with registration code
            */

            // 1) check for existing user
            var existingUsers =
                from x in _userRepository.All
                where x.ID == username || x.Email == email
                select x;
            if (existingUsers.Count() > 0)
            {
                throw new ValidationException("Username and/or Email already registered");
            }

            // 2) create new user
            var pwd = Hash(password);
            User user = new User()
            {
                ID = username,
                PasswordHash = pwd.HashedPassword,
                PasswordSalt = pwd.Salt,
                Password = pwd.Password,
                Email = email,
                CreateDate = DateTime.Now,
                CanLogin = true,
                FailedPasswordCount = 0,
                LastFailedLogin = null,
                IsRoleRegisteredUser = true
            };

            if (user.ID == "admin") user.IsRoleAdmin = true;

            // persist it all
            _userRepository.Insert(user);
            _userRepository.Save();
        }
        bool Authenticate(User user, string password)
        {
            if (user == null) return false;

            // user flagged as not allowed in
            if (user.CanLogin == false) return false;

            // user surpassed the failed number of guesses
            // and their lockout period hasn't expired
            if (user.FailedPasswordCount >= MaxFailedPasswordAttempts)
            {
                DateTime lastFailedLogin = user.LastFailedLogin.Value;
                if (!(user.LastFailedLogin.Value.AddMinutes(FailedPasswordLockoutPeriod) < DateTime.UtcNow))
                {
                    return false;
                }
            }

            // does password line up with data from DB
            var correctPassword = IsPasswordCorrect(password, user.PasswordSalt, user.PasswordHash);
            if (correctPassword)
            {
                // reset their failed password count
                if (user.FailedPasswordCount > 0)
                {
                    user.FailedPasswordCount = 0;
                }
                user.LastSuccessfulLogin = DateTime.UtcNow;
            }
            else
            {
                // bump the fail count
                user.FailedPasswordCount++;
                user.LastFailedLogin = DateTime.UtcNow;
            }

            _userRepository.Save();

            return correctPassword;
        }