/// <summary>
/// Authenticates a username/password pair: looks the user up by username,
/// then checks the supplied password against the stored password material.
/// </summary>
/// <param name="username">Username credential used for the lookup.</param>
/// <param name="password">Password credential to verify.</param>
/// <returns>
/// The matching <see cref="User"/> when the lookup succeeds and the password
/// check passes; otherwise <c>null</c>. An unknown username and a wrong
/// password both yield <c>null</c>, so callers cannot tell them apart by the
/// return value.
/// </returns>
/// <remarks>
/// NOTE(review): when no user is found, the method returns before any password
/// comparison runs, so that path does less work than the wrong-password path.
/// If response time is observable to the caller, the difference can reveal
/// which usernames exist; consider performing an equivalent comparison on the
/// not-found path.
/// NOTE(review): whether <c>DecryptCompare</c> verifies a one-way salted hash
/// and compares in constant time is not visible from this method; confirm in
/// the encryption service.
/// NOTE(review): no attempt throttling or lockout happens here; presumably the
/// caller handles it. Confirm.
/// </remarks>
public User ByUsernameAndPassword(string username, string password)
{
    var account = (User)_db.Users.FindByUsername(username);

    // Unknown username: nothing to verify against.
    if (account == null)
    {
        return null;
    }

    // Stored key and salt are wrapped together for the comparison call.
    var stored = new Password(account.PasswordKey, account.PasswordSalt);
    bool passwordMatches = _encryption.DecryptCompare(password, stored);

    // Same null result as the not-found case, so the failure reason is not exposed.
    return passwordMatches ? account : null;
}