private AuthenticationResult InvalidLogin(string message) { if(_session!=null) _session.Dispose(); return new AuthenticationResult { Message = message, Authenticated = false }; }