public override bool ValidateUser(string username, string password)
        {
            using (SecurityDAO secDAO = new SecurityDAO())
            {
                User user = secDAO.ReadUserByName(username);
                if (user == null)
                    return false;

                string hashedPassword = secDAO.EncodePassword(password, user.Salt);

                bool isValid = (!user.Blocked && user.Password == hashedPassword);
                if (isValid)
                {
                    secDAO.RecordUserLoginSuccess(user);
                }
                else
                {
                    //TODO record user login attemp failure
                    secDAO.RecordUserLoginFailure(user);
                }
                return isValid;
            }
        }