// https://github.com/shawnmclean/SimpleCrypto.net
        public static bool IsPasswordValid(string password, string storedPasswordHash, string salt)
        {
            ICryptoService cryptoService = new PBKDF2();
            string hashedPassword2 = cryptoService.Compute(password, salt);

            return cryptoService.Compare(storedPasswordHash, hashedPassword2);
        }
 public override void Validate(string userName, string password)
 {
     using (var context = new AF_Context())
     {
         const string pepper = "50.L1`(f761OJdG6fc835M(5(+Ju2!P6,4330_N*/%xz<j7(N15KC'8l997'0c0CEg";
         ICryptoService cryptoService = new PBKDF2();
         try
         {
             User u = context.Users.FirstOrDefault(c => c.Login == userName);
             if (u == null)
                 throw new SecurityTokenException("Wrong Username or Password");
             bool verified = cryptoService.Compare(cryptoService.Compute(cryptoService.Compute(password, u.Salt), pepper), u.Password);
             if (!verified)
                 throw new SecurityTokenException("Wrong Username or Password");
         }
         catch (Exception ex)
         {
             throw;
         }
     }
 }