public bool ValidateUsernameAndPassword(string username, string password)
{
if (string.IsNullOrEmpty(password))
{
return(false);
}
var user = FindUserByUsername(username);
if (user == null)
{
return(false);
}
var currentPassword = PasswordHelpers.DerivePasswordFromPasswordHash(user.Password);
var currentSalt = PasswordHelpers.DeriveSaltFromPasswordHash(user.Password);
if (currentPassword == null || currentSalt == null)
{
return(false);
}
var providedPasswordHash = PasswordHelpers.HashPassword(password, currentSalt);
if (user.Password.Length != providedPasswordHash.Length)
{
return(false);
}
return(providedPasswordHash.SequenceEqual(user.Password));
}