private async Task <JsonResult> RemoveApiKeyCredential(User user, Credential cred)
        {
            if (cred == null)
            {
                Response.StatusCode = (int)HttpStatusCode.NotFound;
                return(Json(Strings.CredentialNotFound));
            }

            var credentialTypeInfo = AuthenticationService.DescribeCredential(cred).GetCredentialTypeInfo();

            await AuthenticationService.RemoveCredential(user, cred);

            // Notify the user of the change
            var emailMessage = new CredentialRemovedMessage(
                _config,
                user,
                credentialTypeInfo);
            await MessageService.SendMessageAsync(emailMessage);

            return(Json(Strings.CredentialRemoved));
        }
        private async Task <ActionResult> RemoveCredentialInternal(User user, Credential cred, string message)
        {
            if (cred == null)
            {
                TempData["Message"] = Strings.CredentialNotFound;

                return(RedirectToAction("Account"));
            }

            // Count credentials and make sure the user can always login
            if (!cred.IsApiKey() && CountLoginCredentials(user) <= 1)
            {
                TempData["Message"] = Strings.CannotRemoveOnlyLoginCredential;
            }
            else
            {
                await AuthenticationService.RemoveCredential(user, cred);

                if (cred.IsPassword())
                {
                    // Clear the password login claim, to remove warnings.
                    OwinContext.RemoveClaim(NuGetClaims.PasswordLogin);
                }

                // Notify the user of the change
                var emailMessage = new CredentialRemovedMessage(
                    _config,
                    user,
                    AuthenticationService.DescribeCredential(cred).GetCredentialTypeInfo());
                await MessageService.SendMessageAsync(emailMessage);

                TempData["Message"] = message;
            }

            return(RedirectToAction("Account"));
        }