internal static string LoginAnonymousImp()
        {
            SetupImp();

            Securable s = new Securable(typeof(ApplicationExceptionSecureService).FullName);

            if (!s.AllowAnonymousAccess)
                return null;

            if (System.Web.HttpContext.Current != null)
            {
                IPRegistered ipr = new IPRegistered(System.Web.HttpContext.Current.Request.UserHostAddress);

                ipr = AddIPImp(s);

                // ipr.SessionsCreated = ipr.SessionsCreated + 1;
                // ipr.Update();
                // IPSessionRegistration

                CheckIPImp(s, ipr);
            }

            ModelSession ms = new ModelSession(GenerateSessionTokenImp());
            ms.User = new ModelUser("Everyone");
            ms.TimeIssued = DateTime.Now;
            ms.TimeIssuedFor = s.TimeSessionIsIssued;
            ms.Create();

            return ms.SessionToken;
        }
        internal static void CreateSessionImp(ref ModelSession ms, string userName, string password)
        {
            if (userName.ToLowerInvariant() == "everyone")
                throw new InvalidOperationException("Wrong API call for anonymous access.");

            Securable s = new Securable(typeof(ApplicationExceptionSecureService).FullName);

            ModelUser mu = new ModelUser(userName);
            if (!mu.Exists)
            {
                if (System.Web.HttpContext.Current != null)
                {
                    IPRegistered ipr = new IPRegistered(System.Web.HttpContext.Current.Request.UserHostAddress);
                    RegisterIPFailureImp(s, ipr);
                }

                throw new UnauthorizedAccessException("Access Denied");
            }

            if (!Platform.Runtime.Security.Hash.VerifyHash(password, "SHA512", mu.PasswordHash))
            {
                if (System.Web.HttpContext.Current != null)
                {
                    IPRegistered ipr = new IPRegistered(System.Web.HttpContext.Current.Request.UserHostAddress);
                    RegisterIPFailureImp(s, ipr);
                }

                throw new UnauthorizedAccessException("Access Denied");
            }

            if (!mu.Enabled && !ApplicationExceptionSecureService.CheckUserRightsImp(userName, "CannotBeDisabled"))
            {
                if (System.Web.HttpContext.Current != null)
                {
                    IPRegistered ipr = new IPRegistered(System.Web.HttpContext.Current.Request.UserHostAddress);
                    RegisterIPFailureImp(s, ipr);
                }

                throw new UnauthorizedAccessException("Access Denied"); // LoginDisabledException
            }

            ms.User = mu;
            ms.TimeIssued = DateTime.Now;
            ms.TimeIssuedFor = s.TimeSessionIsIssued;
            ms.Create();
        }