/// <summary>
/// Handles an e-mail confirmation request for <paramref name="accountName"/> using the
/// supplied confirmation <paramref name="token"/>.
/// </summary>
/// <param name="accountName">Name of the account whose e-mail address is being confirmed.</param>
/// <param name="token">
/// Confirmation token; it is handed to <c>UserService.ConfirmEmailAddress</c> unchanged.
/// NOTE(review): no validation of the token happens in this action, so it presumably lives in
/// the service - confirm.
/// </param>
/// <returns>
/// The confirmation view, or a redirect to the stored confirmation return URL after a
/// successful e-mail change on an existing account.
/// </returns>
public virtual async Task<ActionResult> Confirm(string accountName, string token)
{
    // Keep the key present but null so that the Login link is rendered without a
    // "returnUrl" pointing back at this page.
    ViewData[Constants.ReturnUrlViewDataKey] = null;

    var account = GetAccount(accountName);

    // Authorization gate: the current user must be allowed to manage the target account.
    // An unknown account and a denied permission check return the same view model, so the
    // response does not reveal which of the two happened.
    if (account == null
        || ActionsRequiringPermissions.ManageAccount.CheckPermissions(GetCurrentUser(), account) != PermissionsCheckResult.Allowed)
    {
        var rejected = new ConfirmationViewModel(accountName)
        {
            WrongUsername = true,
            SuccessfulConfirmation = false
        };

        return View(rejected);
    }

    // Read the address and build the view model BEFORE the confirmation call; the change
    // notice below is sent to this earlier value.
    // NOTE(review): presumably ConfirmEmailAddress replaces account.EmailAddress - confirm.
    string previousEmail = account.EmailAddress;
    var viewModel = new ConfirmationViewModel(account);

    if (viewModel.AlreadyConfirmed)
    {
        return View(viewModel);
    }

    try
    {
        viewModel.SuccessfulConfirmation = await UserService.ConfirmEmailAddress(account, token);
    }
    catch (EntityException)
    {
        // NOTE(review): every EntityException is reported to the user as a duplicate e-mail
        // address - verify that no other failure surfaces as this exception type.
        viewModel.SuccessfulConfirmation = false;
        viewModel.DuplicateEmailAddress = true;
    }

    // The notice goes out only after a successful confirmation, so this action cannot be
    // used to spam people. New accounts have no previous address that needs a notice.
    if (!viewModel.SuccessfulConfirmation || viewModel.ConfirmingNewAccount)
    {
        return View(viewModel);
    }

    await MessageService.SendEmailChangeNoticeToPreviousEmailAddressAsync(account, previousEmail);

    string confirmationReturnUrl = HttpContext.GetConfirmationReturnUrl();
    if (string.IsNullOrEmpty(confirmationReturnUrl))
    {
        return View(viewModel);
    }

    TempData["Message"] = Messages.EmailConfirmed;

    // NOTE(review): the return URL is read from the request context and is only as trustworthy
    // as SafeRedirect makes it; that helper is defined elsewhere - confirm it rejects
    // non-local targets.
    return SafeRedirect(confirmationReturnUrl);
}