/// <summary>
/// Checks a supplied password against the stored hash for <paramref name="user"/>
/// and records the outcome of the attempt through <c>UserDao.Update</c>.
/// </summary>
/// <remarks>
/// The candidate hash comes from <c>PasswordCrypto.EncryptUserPassword(user.UserName, passWord)</c>.
/// NOTE(review): that helper is not visible here. Confirm it is a salted, deliberately slow
/// password hash (e.g. PBKDF2) rather than reversible encryption or a bare digest, and that
/// the user name is not the only salt.
/// </remarks>
/// <param name="user">Account being authenticated; its attempt fields are mutated and saved.</param>
/// <param name="passWord">Password supplied by the caller.</param>
/// <returns><c>true</c> when the password matches; a mismatch throws instead of returning <c>false</c>.</returns>
/// <exception cref="PasswordExpiredException">
/// The password has never been changed since account creation and is more than one hour old.
/// </exception>
/// <exception cref="InvalidPasswordException">The supplied password does not match the stored hash.</exception>
private bool ValidateUserPassword(User user, string passWord)
{
    // An account whose password timestamp still equals its creation timestamp is treated as
    // a first-time login; that initial password is only accepted for one hour.
    // NOTE(review): this check runs before the password is verified and does not record an
    // attempt, so callers should avoid surfacing PasswordExpiredException distinctly to
    // unauthenticated clients (it discloses account state).
    // NOTE(review): DateTime.Now is local time; DST or time-zone changes can shift the
    // one-hour window. Confirm how the stored timestamps are produced before switching to UTC.
    bool isFirstLogin = user.CreateDate.Equals(user.PasswordUpdateDate);
    if (isFirstLogin && user.PasswordUpdateDate.AddHours(1) < DateTime.Now)
    {
        throw new PasswordExpiredException();
    }

    var candidateHash = PasswordCrypto.EncryptUserPassword(user.UserName, passWord);

    // NOTE(review): Equals is not a constant-time comparison. Once the type of PasswordHash
    // is confirmed, consider CryptographicOperations.FixedTimeEquals on the raw bytes.
    bool passwordMatches = user.PasswordHash.Equals(candidateHash);

    if (!passwordMatches)
    {
        // Record the failed attempt before signalling the failure.
        // NOTE(review): the counter is incremented here but never compared against a limit in
        // this method; confirm lockout or throttling is enforced by the caller.
        user.LastInvalidAttempt = DateTime.Now;
        user.InvalidAttemptCount += 1;
        UserDao.Update(user);
        throw new InvalidPasswordException();
    }

    // Successful login: stamp the time and clear the failed-attempt counter.
    user.LastSuccessAttempt = DateTime.Now;
    user.InvalidAttemptCount = 0;
    UserDao.Update(user);
    return true;
}
/// <summary>
/// Stores a new password hash on <paramref name="user"/>, clears the failed-attempt counter
/// and stamps the password update time. The user is modified in memory only; this method
/// does not call <c>UserDao.Update</c>.
/// </summary>
/// <remarks>
/// NOTE(review): the hash is derived from the user name and the password by
/// <c>PasswordCrypto.EncryptUserPassword</c>, which is not visible here. If the user name acts
/// as the salt, a user-name change would presumably invalidate the stored hash; verify.
/// NOTE(review): this resets <c>InvalidAttemptCount</c>; confirm every caller has authorised
/// the password change first, since the reset clears any pending lockout state.
/// </remarks>
/// <param name="user">Account whose credential fields are overwritten.</param>
/// <param name="passWord">New plain-text password to hash.</param>
private void HashPassword(User user, string passWord)
{
    // Compute the hash first so that a failure in the helper leaves the user untouched.
    var freshHash = PasswordCrypto.EncryptUserPassword(user.UserName, passWord);

    user.PasswordHash = freshHash;
    user.InvalidAttemptCount = 0;

    // NOTE(review): local time; ValidateUserPassword compares this value with CreateDate to
    // detect first-time logins, so both timestamps must come from the same clock convention.
    user.PasswordUpdateDate = DateTime.Now;
}