public ActionResult ConfirmPasswordReset(string token, string email)
{
//check token is valid for email, then sign in user and go to password change
var userManager = new UserManager();
var user = userManager.GetUserFromResetToken(email, token);
if (user != null)
{
userManager.AssignNewSessionToken(user.ID, true);
//sign in user
PerformCoreLogin(user);
//proceed to password change
TempData["IsCurrentPasswordRequired"] = false;
return RedirectToAction("ChangePassword", "Profile");
}
return View();
}
