public override bool ValidateUser(string username, string password)
{
password = password.Trim();
var user = SecurityUtility.GetUserByUsername(username);
if (user != null)
{
//// if (!user.Active || user.AccountLocked)
//if (user.Locked)
// return false;
if (SecurityUtility.IsPasswordEqual(password, user.Password, user.Salt))
{
//Stored valid logged user to session
new UserSession(user);
user.LastLoginTime = DateTime.Now;
user.FailedLoginTimes = 0;
SecurityUtility.UpdateUserInformation(user);
return(true);
}
user.LastLoginTime = DateTime.Now;
user.FailedLoginTimes++;
SecurityUtility.UpdateUserInformation(user);
}
return(false);
}