Looking at this function
Why does it include, TUser user? It is never used inside the function, to me it appears to have no value.
Also, just wondering the scope and intended user of PasswordHasher. For example, if I'm trying to find a user trying to log in, I will search my database forx.userName == userName && x.encryptedPassword == encryptedPassword . So here the workflow is, 1) encrypt the raw password, 2) find matching database entry, 3) Authenticate User.
The PasswordHasher has this VerifyHashedPassword which assumes you have the encrypted password. Are you assuming that you look up in the database only by User Name (treating it like a unique identifier) then passing its encrypted password to the function?