public async Task <User> Login(string username, string password) { var user = await Load(username); if (user == null) { throw new AuthenticationFailedException(); } if (user.UserStateId == UserStates.Disabled) { throw new AuthenticationFailedException(); } var inputPasswordHash = _hasher.Hash(password, user.PasswordSalt); if (!_hasher.AreEquals(user.PasswordHash, inputPasswordHash)) { throw new AuthenticationFailedException(); } return(user); }