public ActionResult UpdatePassword([ModelBinder(typeof(PasswordRequestModelBinder))] PasswordRequest passwordRequest) { //validate password check password satisfies the complexity rules if (!this.ModelState.IsValid) { Response.StatusCode = (int)HttpStatusCode.BadRequest; return(Json(new { success = false, errorMessage = "invalid request" })); } //call api to reset the password //get the current user var user = _authenticationManager.User; if (user == null) { return(UnauthorisedJson()); } var subClaim = user.Claims.FirstOrDefault(c => c.Type == "sub"); if (subClaim == null) { return(UnauthorisedJson()); } var response = _coreClient.UpdatePassword(subClaim.Value, passwordRequest); if (!response.Errored) { return(Json(new { success = true })); } Response.StatusCode = (int)HttpStatusCode.BadRequest; return(Json(new { success = false })); }