//[ValidateJsonAntiForgeryToken]
        public ActionResult Manage(ManageModel model) {
            ModelState state = ModelState["OldPassword"];
            if (state != null)
                state.Errors.Clear();

            state = ModelState["NewPassword"];
            if (state != null)
                state.Errors.Clear();

            state = ModelState["ConfirmPassword"];
            if (state != null)
                state.Errors.Clear();

            User user = User.UserEntity;
            if (ModelState.IsValid) {
                try {
                    _userRepository.InvalidateCache(user);

                    if (!String.Equals(user.EmailAddress, model.EmailAddress, StringComparison.OrdinalIgnoreCase)) {
                        if (_userRepository.GetByEmailAddress(model.EmailAddress) != null)
                            throw new InvalidOperationException("A user with this email address already exists.");

                        user.IsEmailAddressVerified = user.OAuthAccounts.Count(oa => String.Equals(oa.EmailAddress(), model.EmailAddress, StringComparison.OrdinalIgnoreCase)) > 0;
                    }

                    user.EmailAddress = model.EmailAddress;
                    user.EmailNotificationsEnabled = model.EmailNotificationsEnabled;
                    user.FullName = model.FullName;

                    _membershipProvider.UpdateAccount(user);

                    // NOTE: If a user is updating their profile but hasn't verified the email address.. I think we should send them a notification every time..
                    if (!user.IsEmailAddressVerified) {
                        user.VerifyEmailAddressToken = _membershipProvider.GenerateVerifyEmailToken(user.EmailAddress);
                        _mailer.SendVerifyEmailAsync(user);
                    }

                    var principal = new ExceptionlessPrincipal(user);
                    Thread.CurrentPrincipal = principal;
                    if (System.Web.HttpContext.Current != null)
                        System.Web.HttpContext.Current.User = principal;
                } catch (Exception e) {
                    ModelState.AddModelError("", e.Message);
                }
            }

            if (!ModelState.IsValid) {
                Response.StatusCode = (int)HttpStatusCode.BadRequest;
                return Json(ModelState.ToDictionary());
            }

            return Json(new { IsVerified = user.IsEmailAddressVerified });
        }
        public ActionResult Manage(ManageMessageId? message) {
            var model = new ManageModel();

            ViewBag.StatusMessage =
                message == ManageMessageId.ChangeProfileSuccess ? "Your profile has been updated."
                    : message == ManageMessageId.ChangePasswordSuccess ? "Your password has been changed."
                        : message == ManageMessageId.SetPasswordSuccess ? "Your password has been set."
                            : message == ManageMessageId.RemoveLoginSuccess ? "The external login was removed."
                                : "";

            ViewBag.HasLocalPassword = _membershipProvider.HasLocalAccount(User.Identity.Name);
            ViewBag.ReturnUrl = Url.Action("Manage");

            User user = _membershipProvider.GetUserByEmailAddress(User.Identity.Name);
            model.EmailAddress = user.EmailAddress;
            model.EmailNotificationsEnabled = user.EmailNotificationsEnabled;
            model.FullName = user.FullName;
            ViewBag.IsVerified = user.IsEmailAddressVerified;

            return View(model);
        }