public async Task <UserEntity> Authenticate(UserEntity user, CancellationToken cancellationToken) { if (user == null) { throw new ArgumentNullException(nameof(user)); } if (string.IsNullOrEmpty(user.Username)) { throw new ArgumentException("Username is null!"); } if (string.IsNullOrEmpty(user.Password)) { throw new ArgumentException("Password is null!"); } UserEntity userEntity = await _repository.GetByUsername(user.Username, cancellationToken); if (userEntity == null || !_dataProtection.VerifyPassword(user.Password, userEntity.Password)) { // authentication failed return(null); } return(userEntity); }