public void ValidateUserAndPassword(string userName, string password)
{
var user = m_userRepository.GetByLogin(userName);
if (user == null || user.PasswordHash == null || (!CustomPasswordHasher.ValidatePassword(password.Split(':')[1], user.PasswordHash)))
{
throw new AuthenticationException("Invalid credentials");
}
}