public User LogonUser(string email, string password) { User user = GetUser(email); if (!user.CheckPassword(password)) { throw new ApplicationException("Invalid password!"); } return user; }