private bool ValidateUser(string password, Data.IRepository<User> q, User usr)
        {
            if (CheckPassword(password, usr.Password))
            {
                if (usr.IsApproved)
                {
                    q.Update(new { LastLoginDate = DateTime.Now }, p => p.Id == usr.Id);
                    return true;
                }
                return false;
            }

            UpdatePasswordFailureCount(usr);
            return false;
        }
 private User NewUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved)
 {
     var createDate = DateTime.Now;
     var user = new User();
     user.UserName = username;
     user.Password = EncodePassword(password);
     user.Email = email;
     user.Question = passwordQuestion;
     user.Answer = EncodePassword(passwordAnswer);
     user.IsApproved = isApproved;
     user.Comment = "";
     user.CreationDate = createDate;
     user.LastPasswordChangedDate = createDate;
     user.LastActivityDate = createDate;
     user.ApplicationName = ApplicationName;
     user.IsLockedOut = false;
     user.LastLockedOutDate = createDate;
     user.FailedPasswordAttemptCount = 0;
     user.FailedPasswordAttemptWindowStart = createDate;
     user.FailedAnswerAttemptCount = 0;
     user.FailedAnswerAttemptWindowStart = createDate;
     return user;
 }
        private void UpdatePasswordFailureCount(User usr)
        {
            var failureCount = usr.FailedPasswordAttemptCount;
            var windowStart = usr.FailedPasswordAttemptWindowStart;

            DateTime windowEnd = windowStart.AddMinutes(PasswordAttemptWindow);

            var q = UnitOfWork.Current.CreateRepository<User>();

            if (failureCount == 0 || DateTime.Now > windowEnd)
            {
                q.Update(new { FailedPasswordAttemptCount = 1, FailedPasswordAttemptWindowStart = DateTime.Now }, p => p.Id == usr.Id);
                return;
            }

            if (failureCount++ >= MaxInvalidPasswordAttempts)
                q.Update(new { IsLockedOut = true, LastLockedOutDate = DateTime.Now }, p => p.Id == usr.Id);
            else
                q.Update(new { FailedPasswordAttemptCount = failureCount }, p => p.Id == usr.Id);
        }
        private MembershipUser MapMembershipUser(User usr)
        {
            var u = new MembershipUser(this.Name,
                                        usr.UserName,
                                        usr.Id,
                                        usr.Email,
                                        usr.Question,
                                        usr.Comment,
                                        usr.IsApproved,
                                        usr.IsLockedOut,
                                        usr.CreationDate,
                                        usr.LastLoginDate,
                                        usr.LastActivityDate,
                                        usr.LastPasswordChangedDate,
                                        usr.LastLockedOutDate);

            return u;
        }