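/// <summary>
/// Checks the presented password against the row stored for <paramref name="userID"/>
/// in tb_UserAccountInfo.
/// </summary>
/// <remarks>
/// The "Password" column is compared first. If it does not match, the "ChangedPassword"
/// column is tried; on a match that value is passed to
/// AccountInfoProvider.Instance.ChangePassword for this user.
/// An exception raised while reading or comparing the row is traced and the result reached
/// so far is returned. In particular, a failure inside ChangePassword after a successful
/// "ChangedPassword" match still yields true.
/// </remarks>
/// <param name="userID">Account identifier; bound to the @userid SQL parameter.</param>
/// <param name="password">Password presented by the caller.</param>
/// <returns>
/// true when the presented password matches one of the two stored values; false otherwise,
/// including when either argument is null or no row exists for the user.
/// </returns>
public bool Authenticate(string userID, Password password)
{
    if (userID == null || password == null)
    {
        return false;
    }

    // The user id is always bound as a parameter, never concatenated into the statement.
    const string sql = "select * from tb_UserAccountInfo where UserID=@userid";

    DataTable dtuser;
    // Dispose the command once the table has been filled; the original never released it.
    using (SqlCommand sc = new SqlCommand(sql))
    {
        sc.Parameters.AddWithValue("@userid", userID);
        dtuser = da.GetDataTable(sql, sc);
    }

    if (dtuser == null || dtuser.Rows == null || dtuser.Rows.Count == 0)
    {
        return false;
    }

    bool authenticated = false;
    try
    {
        DataRowWrapper rowWrapper = new DataRowWrapper(dtuser.Rows[0]);

        Password pwd = rowWrapper.GetTypedColumnValue("Password", typeof(Password)) as Password;
        if (pwd != null)
        {
            // NOTE(review): this path compares Content with ==, while the fallback below uses
            // Password.Equals. Confirm both have the same semantics. If Content is a string
            // holding secret material, == is not a constant-time comparison.
            // NOTE(review): confirm Content is a salted hash rather than the clear-text password.
            if (password.Content == pwd.Content)
            {
                authenticated = true;
            }
        }

        if (!authenticated)
        {
            // Fallback: accept the pending "ChangedPassword" value and promote it on first use.
            Password changedPassword = rowWrapper.GetTypedColumnValue("ChangedPassword", typeof(Password)) as Password;
            if (changedPassword != null && password.Equals(changedPassword))
            {
                authenticated = true;
                AccountInfoProvider.Instance.ChangePassword(userID, changedPassword);
            }
        }
    }
    catch (Exception ex)
    {
        // Previously swallowed without a trace. Only the exception type is recorded, so that
        // nothing derived from the credential columns can reach the log via the message text.
        System.Diagnostics.Trace.TraceError("Authenticate: credential check failed with {0}", ex.GetType().FullName);
    }

    return authenticated;
}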