public bool IsPasswordValid(string userId, string password) { // Get user entry from storage. var userPasswordInfo = _passwordRepository.GetUserInfo(userId); // has the password expired? if (_passwordExpiryService.HasPasswordExpired(userPasswordInfo.Expiry)) { return(false); } // need a crypto class to handle different types of algorithms. var newHash = _cryptoService.HashPassword(password, userPasswordInfo.HashSalt); var areEqual = newHash.HashedPassword.Equals(userPasswordInfo.HashedPassword); return(areEqual); }