public IHttpActionResult LoginUser(LoginRequest req)
        {
            ObjectParameter token  = new ObjectParameter("token", typeof(string));
            ObjectParameter change = new ObjectParameter("change", typeof(string));


            if (!ModelState.IsValid)
            {
                return(BadRequest());
            }

            LoginResponse lr = new LoginResponse();
            int           rc = db.loginUser(req.UserID, req.Password, req.Supplier, token, req.IPAddress, change);

            lr.CopyRequest(req);
            lr.Token    = (string)token.Value;
            lr.Change   = (string)change.Value;
            lr.Password = "";

            return(Ok(lr));
        }