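/// <summary>
/// Changes the password of the user held in the session, after checking that the
/// supplied old password hashes to the value currently stored for that user.
/// </summary>
/// <param name="NewPasswordRequest">
/// Bound form model; only OldPassword, Password and ConfirmPassword are accepted
/// from the request (see the Bind include list).
/// </param>
/// <returns>
/// Always a redirect to "Index". The outcome is reported through
/// Session["error"] or Session["success"].
/// </returns>
/// <remarks>
/// NOTE(review): ComputeSha256Hash is defined elsewhere; going by its name, stored
/// passwords are a plain SHA-256 digest. A fast hash with no per-user salt is cheap to
/// brute-force offline if the table leaks. Plan a migration to a salted, slow KDF
/// (PBKDF2, bcrypt or Argon2), re-hashing on next successful login.
/// NOTE(review): no [HttpPost] / [ValidateAntiForgeryToken] attributes are visible on
/// this action from here. Confirm they are applied, since this is a state-changing request.
/// NOTE(review): the session is left untouched after a successful change. Consider
/// invalidating the user's other active sessions.
/// </remarks>
public ActionResult ChangePassword(
    [Bind(Include = "OldPassword,Password,ConfirmPassword")] NewPassword NewPasswordRequest)
{
    if (!NewPasswordRequest.IsMatched())
    {
        Session["error"] = "New passwords aren't matched!";
        return RedirectToAction("Index");
    }

    // Check the session user BEFORE it is dereferenced. The original read
    // LoggedUser.Email inside the query and only tested for null afterwards, so an
    // expired or missing session caused an unhandled exception, not a redirect.
    var LoggedUser = Session["LoggedUser"] as User;
    if (LoggedUser == null)
    {
        return RedirectToAction("Index");
    }

    // Copy the e-mail into a local so the query captures a plain string value.
    var loggedUserEmail = LoggedUser.Email;
    var LoggedUserInDB = DB.Users.SingleOrDefault(u => u.Email == loggedUserEmail);
    if (LoggedUserInDB == null)
    {
        // The session refers to an account that no longer exists. There is nothing to update.
        return RedirectToAction("Index");
    }

    var oldHashedPassword = ComputeSha256Hash(NewPasswordRequest.OldPassword);
    var newHashedPassword = ComputeSha256Hash(NewPasswordRequest.Password);

    // Ordinal, case-insensitive comparison of the two digests: culture-independent,
    // and string.Equals tolerates a null stored value (treated as a mismatch).
    // NOTE(review): this comparison is not constant-time.
    var oldPasswordMatches = string.Equals(
        LoggedUserInDB.Password,
        oldHashedPassword,
        StringComparison.OrdinalIgnoreCase);

    if (oldPasswordMatches)
    {
        LoggedUserInDB.Password = newHashedPassword;
        DB.SaveChanges();
        Session["success"] = "Password has been changed";
    }
    else
    {
        Session["error"] = "Old passwords doesnt match!";
    }

    return RedirectToAction("Index");
}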