private void SetUsersPassword(User user, string clearTextPassword) { var salt = Guid.NewGuid().ToString("N"); string hashedPassword = _passwordHashService.HashSaltAndPassword( salt, clearTextPassword); user.SetEncryptedPassword(salt, hashedPassword); }
/// <summary> /// Authenticates the given email address and password against existing users. /// </summary> /// <param name="emailAddress">The user's email address</param> /// <param name="clearTextPassword">The user's clear text password</param> /// <returns>The authentication result</returns> public AuthenticationResult Authenticate(string emailAddress, string clearTextPassword) { User user = _userRepository.GetByFilter(u => u.EmailAddress == emailAddress); if (user != default(User)) { string hashedPassword = _passwordHashService.HashSaltAndPassword(user.Salt, clearTextPassword); if (hashedPassword == user.Password) { // FormsAuthentication.SetAuthCookie(user.EmailAddress, false); return(AuthenticationResult.Success(user)); } } return(AuthenticationResult.Error(Errors.EmailAddressOrPasswordIsIncorrect)); }