public bool Authenticate(string userID, Password password)
        {
            bool authenticated = false;

            if (userID != null && password != null)
            {
                string sql = "select * from tb_UserAccountInfo where UserID=@userid";
                SqlCommand sc = new SqlCommand(sql);
                sc.Parameters.AddWithValue("@userid", userID);
                DataTable dtuser = da.GetDataTable(sql, sc);
                if (dtuser != null && dtuser.Rows != null && dtuser.Rows.Count > 0)
                {
                    try
                    {
                        DataRowWrapper rowWrapper = new DataRowWrapper(dtuser.Rows[0]);
                        Password pwd = rowWrapper.GetTypedColumnValue("Password", typeof(Password)) as Password;
                        if (pwd != null)
                        {
                            if (password.Content == pwd.Content)
                            {
                                authenticated = true;
                            }
                            else
                            {
                                authenticated = false;
                            }
                            // authenticated = password.Equals(pwd);
                        }

                        if (!authenticated)
                        {
                            Password changedPassword = rowWrapper.GetTypedColumnValue("ChangedPassword", typeof(Password)) as Password;

                            if (changedPassword != null)
                            {
                                authenticated = password.Equals(changedPassword);

                                if (authenticated)
                                {
                                    AccountInfoProvider.Instance.ChangePassword(userID, changedPassword);
                                }
                            }

                        }
                    }
                    catch (Exception ex)
                    {

                    }
                }

            }

            return authenticated;
        }
        public StatusCode ChangePassword(string userID, Password newPassword)
        {
            StatusCode statusCode = StatusCode.Success;
            try
            {
                string sql = "update tb_UserAccountInfo set [ChangedPassword] = [Password], [Password] = @pwd"
                    + " where  [UserId] =@userid";
                SqlCommand sc = new SqlCommand(sql);
                sc.Parameters.AddWithValue("@pwd", XMLToString(newPassword));
                sc.Parameters.AddWithValue("@userid", userID);
                da.ExecuteNonQuery(sql, sc);
            }
            catch (Exception ex)
            {

                statusCode = StatusCode.Fail;
            }
            return statusCode;
        }