
Created May 8, 2013 18:57
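/// <summary>
/// Authenticates a player by e-mail address and password and returns the
/// serialized <c>GameStateData</c> describing the outcome.
/// </summary>
/// <param name="email">E-mail address identifying the account; lower-cased (invariant culture) before lookup.</param>
/// <param name="password">Plain-text password supplied by the caller.</param>
/// <returns>
/// The string form of a <c>GameStateData</c>: <c>ErrorCode.Success</c> with the user id,
/// username and warcamp id on success, otherwise the error code for the failed check.
/// Exceptions are not propagated; they are reported as <c>ErrorCode.ServerError</c>.
/// </returns>
/// <remarks>
/// NOTE(review): the password arrives as a plain operation parameter, so confirm the
/// endpoint is only reachable over an encrypted transport. No throttling or lockout of
/// repeated failures is visible in this method; confirm it is enforced elsewhere.
/// </remarks>
[OperationContract]
public String Login(String email, String password)
{
    try
    {
        // Reject missing or malformed input before touching the database.
        if (String.IsNullOrEmpty(email))
        {
            return (new GameStateData(ErrorCode.ArgumentMissingEmail)).ToString();
        }

        if (String.IsNullOrEmpty(password))
        {
            return (new GameStateData(ErrorCode.ArgumentMissingPassword)).ToString();
        }

        if (email.Length > Utilities.MAX_USERNAME_LENGTH)
        {
            return (new GameStateData(ErrorCode.ArgumentInvalidEmail)).ToString();
        }

        // Invariant casing: the culture-sensitive ToLower() folds some letters differently
        // depending on the server culture, which would make the lookup key unstable.
        email = email.ToLowerInvariant();
        if (!Utilities.ValidateEmail(email))
        {
            return (new GameStateData(ErrorCode.ArgumentInvalidEmail)).ToString();
        }

        // After validation, connect to the database and look the account up.
        using (var db = new DataClassesDataContext())
        {
            var user = db.Users.FirstOrDefault(row => row.Email == email);

            // Unknown account and wrong password share one error code so the response
            // does not say which of the two failed.
            if (user == null)
            {
                return (new GameStateData(ErrorCode.AccountError)).ToString();
            }

            // Stored format is Sha256(salt + Sha256(password)).
            // NOTE(review): Utilities.Sha256 is presumably a single fast hash pass, which is
            // weak against offline guessing if the table leaks. Moving to a slow KDF
            // (e.g. PBKDF2) needs a re-hash-on-login migration of the stored values, so it
            // is flagged here rather than changed.
            var hash = Utilities.Sha256(password);
            hash = Utilities.Sha256(user.Salt + hash);

            // Compare without an early exit so the time taken does not depend on how many
            // leading characters match (defence in depth). An account with no stored hash
            // never authenticates.
            String computed = hash ?? String.Empty;
            String stored = user.Password ?? String.Empty;
            var difference = computed.Length ^ stored.Length;
            for (var i = 0; i < computed.Length && i < stored.Length; i++)
            {
                difference |= computed[i] ^ stored[i];
            }

            if (difference != 0 || stored.Length == 0)
            {
                return (new GameStateData(ErrorCode.AccountError)).ToString();
            }

            // Account state is reported only after the password has been verified, so a
            // caller who does not know the password cannot learn that an address is
            // registered but inactive.
            if (user.Status == null)
            {
                return (new GameStateData(ErrorCode.AccountInactive)).ToString();
            }

            // NOTE(review): presumably marks the session for this e-mail as authenticated;
            // confirm against Session.Validate.
            Session.Validate(email);

            var gameState = new GameStateData(ErrorCode.Success);
            gameState.User.Id = user.Id;
            gameState.User.Username = user.Email;
            gameState.User.Warcamp.Id = (user.WarcampId ?? -1); // -1 when no warcamp is assigned
            return gameState.ToString();
        }
    }
    catch (Exception e)
    {
        // Keep the details server-side: exception messages can expose database or
        // infrastructure internals, so the client only receives the generic error code.
        // Trace is a stand-in until the project has a logger; credentials are never logged.
        System.Diagnostics.Trace.TraceError("Login failed with an unhandled exception: {0}", e);
        return (new GameStateData(ErrorCode.ServerError)).ToString();
    }
}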