public override bool ValidateUser(string username, string password) { using (SecurityDAO secDAO = new SecurityDAO()) { User user = secDAO.ReadUserByName(username); if (user == null) return false; string hashedPassword = secDAO.EncodePassword(password, user.Salt); bool isValid = (!user.Blocked && user.Password == hashedPassword); if (isValid) { secDAO.RecordUserLoginSuccess(user); } else { //TODO record user login attemp failure secDAO.RecordUserLoginFailure(user); } return isValid; } }