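        /// <summary>
        /// Authenticates a user by e-mail address and password and, on success,
        /// issues the forms-authentication cookie and fills the current session.
        /// </summary>
        /// <param name="emailAddress">E-mail address identifying the user.</param>
        /// <param name="password">Plain-text password supplied by the user.</param>
        /// <exception cref="InvalidUserException">
        /// Thrown when a credential is missing, when the lookup returns no user, or when
        /// the password does not validate. One exception type covers all three cases so
        /// the caller cannot distinguish an unknown address from a wrong password.
        /// </exception>
        /// <exception cref="UnknownErrorException">
        /// Wraps any other exception raised during lookup, validation or session setup.
        /// </exception>
        public void Login(string emailAddress, string password)
        {
            // Missing credentials can never authenticate; fail before touching the database.
            if (string.IsNullOrEmpty(emailAddress) || string.IsNullOrEmpty(password))
            {
                throw new InvalidUserException();
            }

            IRetrieveDb<User, String> userLookup = new RetrieveFromUserWithEmail();

            try
            {
                var user = userLookup.RetrieveFrom(emailAddress);

                // Without this check a missing record would surface as a NullReferenceException
                // wrapped in UnknownErrorException, giving unknown addresses a different error
                // from wrong passwords (an account-enumeration signal).
                // NOTE(review): whether RetrieveFrom returns null or throws for an unknown
                // address is not visible here - confirm. This path also skips the password
                // check, so response time may still differ from the wrong-password path.
                if (user == null)
                {
                    throw new InvalidUserException();
                }

                // ValidatePassword is the only check that gates the login.
                // NOTE(review): user.Salt is not passed to it; presumably the stored value
                // carries what the verifier needs - confirm against HashPassword.
                if (!HashPassword.ValidatePassword(password, user.Password))
                {
                    throw new InvalidUserException();
                }

                // Non-persistent cookie: the second argument disables "remember me".
                FormsAuthentication.SetAuthCookie(emailAddress, false);

                // NOTE(review): it is not visible here whether the session identifier is
                // renewed at login; reusing a pre-login identifier permits session fixation.
                USession.CurrentUser.UserId = user.UserId;
                USession.CurrentUser.Username = emailAddress;
                USession.CurrentUser.FirstName = user.FirstName;
                USession.CurrentUser.LastName = user.LastName;
            }
            catch (InvalidUserException)
            {
                // Bare rethrow keeps the original stack trace ("throw ex;" would reset it).
                throw;
            }
            catch (Exception ex)
            {
                throw new UnknownErrorException(ex);
            }
        }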