Пример #1
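        /// <summary>
        /// Checks <paramref name="password"/> against the PBKDF2 record stored for
        /// <paramref name="username"/>.
        /// </summary>
        /// <remarks>
        /// The stored value is read as Base64 of a 16-byte salt followed by a 20-byte derived key.
        /// The method fails closed: a missing user, a malformed record, a null password or any
        /// exception from the lookup all yield <c>false</c>, so callers cannot tell a wrong
        /// password from a backend failure.
        /// </remarks>
        /// <param name="username">Account name passed to the password lookup.</param>
        /// <param name="password">Candidate plaintext password.</param>
        /// <returns><c>true</c> when the derived key matches the stored one; otherwise <c>false</c>.</returns>
        public bool Login(string username, string password)
        {
            const int SaltSize = 16;
            const int HashSize = 20;

            // NOTE(review): 1000 iterations with this constructor's default PRF (HMAC-SHA1) is a
            // low work factor by current guidance. It cannot be raised here without migrating the
            // stored records, because verification must reproduce the parameters used at enrolment.
            const int Iterations = 1000;

            try
            {
                string savedPasswordHash = database.GetUserPassword(username);
                if (String.IsNullOrEmpty(savedPasswordHash))
                {
                    // NOTE(review): this path skips the key derivation, so unknown accounts answer
                    // faster than known ones; consider deriving against a dummy record if account
                    // enumeration is in the threat model.
                    return false;
                }

                byte[] hashBytes = Convert.FromBase64String(savedPasswordHash);
                if (hashBytes.Length < SaltSize + HashSize)
                {
                    // Truncated or corrupt record: reject explicitly rather than via an index exception.
                    return false;
                }

                byte[] salt = new byte[SaltSize];
                Array.Copy(hashBytes, 0, salt, 0, SaltSize);

                byte[] hash;
                using (var pbkdf2 = new Rfc2898DeriveBytes(password, salt, Iterations))
                {
                    hash = pbkdf2.GetBytes(HashSize);
                }

                // Accumulate differences over the whole key instead of returning at the first
                // mismatch, so the comparison time does not depend on how many leading bytes agree.
                int diff = 0;
                for (int i = 0; i < HashSize; i++)
                {
                    diff |= hashBytes[i + SaltSize] ^ hash[i];
                }

                return diff == 0;
            }
            catch (Exception)
            {
                // Deliberately fail closed (bad Base64, null password, lookup errors).
                // NOTE(review): nothing is logged here, so backend faults are invisible to operators;
                // consider recording the exception type before returning.
                return false;
            }
        }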