public async Task<IHttpActionResult> ForgotPassword(ForgotPasswordViewModel model) { if (ModelState.IsValid) { var user = await _userManager.FindByEmailAsync(model.Email); if (user == null || !(await _userManager.IsEmailConfirmedAsync(user.Id))) { // Don't reveal that the user does not exist or is not confirmed //return View("ForgotPasswordConfirmation"); ModelState.AddModelError("", "Email is not confirmed."); return BadRequest(ModelState); } // For more information on how to enable account confirmation and password reset please visit http://go.microsoft.com/fwlink/?LinkID=320771 // Send an email with this link string code = await _userManager.GeneratePasswordResetTokenAsync(user.Id); string clientSite = AppSettingsConfig.ClientSite; var callbackUrl = clientSite + "/#/resetpassword?userId=" + user.Id + "&code=" + code; await _userManager.SendEmailAsync(user.Id, "Reset Password", "Please reset your password by clicking <a href=\"" + callbackUrl + "\">here</a>"); } return Ok(); }