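/// <summary>
/// Authenticates a web user by username/e-mail and password and reports the
/// outcome through a <see cref="Payload{T}"/>.
/// </summary>
/// <param name="username">Login name supplied by the caller.</param>
/// <param name="email">E-mail address supplied by the caller.</param>
/// <param name="password">Clear-text password supplied by the caller; only its hash is ever compared.</param>
/// <returns>
/// A payload whose <c>Data</c> is the matching <see cref="WebUser"/> on success. On failure
/// <c>Data</c> is left unset and <c>Errors</c> carries the validation errors, or
/// "00404" (password mismatch) or "00405" (no user for the given username/e-mail).
/// Every failed attempt is written to the audit log.
/// </returns>
public Payload<WebUser> Login(string username, string email, string password)
{
    var payload = new Payload<WebUser>();

    // Validate the inputs first; the validation errors are copied onto the
    // payload before the validity check so the caller sees them when we stop here.
    var rules = new ValidationRules();
    rules.ValidateLoginEvent(username, email, password);
    payload.AssignValidationErrors(rules.Errors);

    if (!rules.IsValid)
    {
        return payload;
    }

    // NOTE(review): confirm HashSomething is a salted, deliberately slow password
    // KDF (e.g. PBKDF2) and not a bare digest; this method only compares whatever
    // string it returns against the stored value.
    var securityUtility = new SecurityUtilities();
    var hashedPassword = securityUtility.HashSomething(password);

    WebUser user;
    using (var queries = new WebUserQueries())
    {
        user = queries.GetByLogin(username, email);
    }

    if (user == null)
    {
        // NOTE(review): returning "00405" here and "00404" below lets a caller tell
        // "no such user" from "wrong password" (account enumeration). The codes are
        // kept because callers may depend on them; consider collapsing both to one
        // generic failure at the API boundary.
        payload.Errors.Add("00405", Resources.Errors.ERR00405);
        AuditUtilities.Log(null, ActivityEventItem.LoginFailed,
            string.Format(Resources.AuditEntries.LoginFailed, username, Resources.Errors.ERR00405));
        return payload;
    }

    // Compare the hashes in time that does not depend on where they first differ
    // (string == short-circuits at the first mismatch), and never treat a
    // missing (null) hash on either side as a match.
    if (HashesMatch(hashedPassword, user.HashedPassword))
    {
        payload.Data = user;
        AuditUtilities.Log(user, ActivityEventItem.Login, string.Format(Resources.AuditEntries.Login, username));
    }
    else
    {
        payload.Errors.Add("00404", Resources.Errors.ERR00404);
        AuditUtilities.Log(null, ActivityEventItem.LoginFailed,
            string.Format(Resources.AuditEntries.LoginFailed, username, Resources.Errors.ERR00404));
    }

    // todo: next steps in workflow
    return payload;
}

/// <summary>
/// Ordinal string equality whose running time does not depend on the position of
/// the first differing character. Returns false when either side is null, so a
/// user record without a stored hash can never be logged into.
/// </summary>
/// <param name="expected">Hash computed from the supplied password.</param>
/// <param name="actual">Hash stored for the user.</param>
/// <returns>True only if both are non-null and identical character for character.</returns>
private static bool HashesMatch(string expected, string actual)
{
    if (expected == null || actual == null)
    {
        return false;
    }

    // Fold every differing bit into one accumulator instead of returning at the
    // first mismatch; a length difference is folded in the same way so unequal
    // lengths still yield false without an early exit.
    int diff = expected.Length ^ actual.Length;
    int length = expected.Length < actual.Length ? expected.Length : actual.Length;
    for (int i = 0; i < length; i++)
    {
        diff |= expected[i] ^ actual[i];
    }

    return diff == 0;
}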