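/// <summary>
/// Looks up a user by e-mail address and login provider key, then checks the
/// supplied password against the value stored for that user.
/// </summary>
/// <param name="userName">E-mail address matched against <c>User.Email</c>.</param>
/// <param name="password">Password supplied by the caller.</param>
/// <param name="providerKey">Value matched against <c>UserLogin.Providerkey</c>.</param>
/// <returns>
/// A <see cref="UserAuthResult"/> whose <c>AuthSuccess</c> is true and whose <c>User</c>
/// is populated only when a matching row exists and the password matches; otherwise
/// <c>AuthSuccess</c> is false and <c>ErrorMsg</c> holds a generic failure message.
/// </returns>
public static UserAuthResult Authenticate(string userName, string password, string providerKey)
{
    // One message for every failure path, so the response does not reveal
    // whether the account exists or only the password was wrong.
    const string failureMessage = "Username or password is wrong";

    // Caller-supplied values are bound as parameters, never formatted into the SQL text.
    // The previous text built the statement with String.Format, referenced a missing
    // format argument ({1} with one argument) and contained two WHERE clauses, so it
    // could not execute. The second predicate is joined with AND and bound to
    // providerKey, which is the evident intent of the unused parameter.
    // [User] is bracketed because USER is a reserved word in T-SQL.
    const string getUserByCredentials =
        @"SELECT u.ID,u.Name,u.Surname,u.Email,u.Password,u.About,u.BirthDate,u.DateCreated,u.LastLogin,u.DateUpdated,ul.LoginProvider
          FROM [User] AS u
          INNER JOIN UserLogin AS ul ON u.ID = ul.UserID
          WHERE u.Email = @Email AND ul.Providerkey = @ProviderKey";

    UserAuthResult result = new UserAuthResult();
    result.AuthSuccess = false;

    // Reject empty credentials before touching the database.
    if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password))
    {
        result.ErrorMsg = failureMessage;
        return result;
    }

    string connStr = ConfigurationManager.AppSettings["MasterSQLConnection"];
    SqlDatabase db = new SqlDatabase(connStr);
    User user = null;

    using (DbCommand command = db.GetSqlStringCommand(getUserByCredentials))
    {
        db.AddInParameter(command, "@Email", DbType.String, userName);
        // A null provider key is sent as NULL; "= NULL" matches no row, so the lookup fails closed.
        db.AddInParameter(command, "@ProviderKey", DbType.String, (object)providerKey ?? DBNull.Value);

        using (IDataReader reader = db.ExecuteReader(command))
        {
            if (reader.Read())
            {
                user = new User();
                user.ID = Convert.ToInt32(reader["ID"]);
                user.Password = reader["Password"].ToString();
                user.Name = reader["Name"].ToString();
                user.Surname = reader["Surname"].ToString();
            }
        }
    }

    // NOTE(review): the stored value is compared directly with the supplied password,
    // which implies passwords are kept in clear text. Store a salted, slow hash
    // (e.g. PBKDF2) and verify against it with a fixed-time comparison; that needs a
    // schema/data migration outside this method.
    // NOTE(review): result.User still carries the Password field to the caller;
    // confirm no caller serializes or logs it.
    if (user != null && user.ID > 0 && string.Equals(password, user.Password, StringComparison.Ordinal))
    {
        result.User = user;
        result.AuthSuccess = true;
    }
    else
    {
        result.ErrorMsg = failureMessage;
    }

    return result;
}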