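/// <summary>
/// Authenticates a user by e-mail address and password and, on success,
/// issues the forms-authentication cookie and populates the current session.
/// </summary>
/// <param name="emailAddress">E-mail address of the user.</param>
/// <param name="password">Plain-text password supplied by the user.</param>
/// <exception cref="InvalidUserException">
/// Thrown when a credential is missing, no user record is returned for the
/// address, or the password does not validate. One exception type covers all
/// three cases so the caller cannot tell which part of the credentials failed.
/// </exception>
/// <exception cref="UnknownErrorException">
/// Thrown for any other failure; wraps the original exception.
/// </exception>
public void Login(string emailAddress, string password)
{
    IRetrieveDb<User, String> retrieveDb = new RetrieveFromUserWithEmail();

    try
    {
        // Reject missing credentials up front instead of letting them reach
        // the data layer or the password validator.
        if (string.IsNullOrEmpty(emailAddress) || string.IsNullOrEmpty(password))
        {
            throw new InvalidUserException();
        }

        var user = retrieveDb.RetrieveFrom(emailAddress);

        // An unknown address is reported exactly like a wrong password.
        // Previously a null record surfaced as UnknownErrorException (via a
        // NullReferenceException), which let callers distinguish the two cases.
        // NOTE(review): assumes RetrieveFrom returns null for "not found" - confirm.
        // NOTE(review): this path skips password validation, so its response time
        // can differ from a wrong-password attempt.
        if (user == null)
        {
            throw new InvalidUserException();
        }

        // The stored value is checked only through ValidatePassword. The earlier
        // HashString(password) and HashString(user.Password, user.Salt) calls
        // were removed: their results were never used, and they created extra
        // derived copies of the plain-text password for nothing.
        if (!HashPassword.ValidatePassword(password, user.Password))
        {
            throw new InvalidUserException();
        }

        // Second argument false = non-persistent (session-lifetime) auth cookie.
        FormsAuthentication.SetAuthCookie(emailAddress, false);

        // NOTE(review): the session identifier is not regenerated here; confirm
        // that is handled elsewhere to guard against session fixation.
        USession.CurrentUser.UserId = user.UserId;
        USession.CurrentUser.Username = emailAddress;
        USession.CurrentUser.FirstName = user.FirstName;
        USession.CurrentUser.LastName = user.LastName;
    }
    catch (InvalidUserException)
    {
        // Bare rethrow keeps the original stack trace ("throw ex;" reset it).
        throw;
    }
    catch (Exception ex)
    {
        throw new UnknownErrorException(ex);
    }
}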