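/// <summary>
/// Starts a password reset for the account identified by <paramref name="userId"/>:
/// issues a 5-minute signed JWT carrying the account's e-mail claim and mails a
/// reset link containing that token to the address stored on the account.
/// </summary>
/// <param name="email">Address supplied by the caller; it must match the address stored on the account.</param>
/// <param name="userId">Identifier passed to <c>_userRepository.GetUserByAccount</c>.</param>
/// <returns>
/// 200 with an empty <c>UserResponse</c> when the account is missing, not active, or the
/// supplied address does not match; 401 when the loaded record's Id differs from
/// <paramref name="userId"/>; otherwise 200 with the account id and name. The reset token
/// is delivered by e-mail only and is never placed in the response.
/// </returns>
public async Task<IActionResult> PasswordRecover(string email, int userId)
{
    User userModel = await _userRepository.GetUserByAccount(userId);

    // A missing account is answered exactly like an inactive one instead of
    // dereferencing null. ToLowerInvariant keeps the status comparison
    // independent of the server's current culture.
    bool isActive = userModel != null
        && string.Equals(userModel.Status?.ToLowerInvariant(), Constrants.USER_STATUS_ACTIVE, StringComparison.Ordinal);
    if (!isActive)
    {
        return Ok(new UserResponse { UserName = "", Token = "" });
    }

    if (userModel.Id != userId)
    {
        return Unauthorized();
    }

    // The reset link is proof of control over the mailbox registered on the
    // account, so the caller-supplied address is only compared against the
    // stored one and is never used as the recipient.
    bool emailMatches = !string.IsNullOrWhiteSpace(userModel.Email)
        && string.Equals(email?.Trim(), userModel.Email.Trim(), StringComparison.OrdinalIgnoreCase);
    if (!emailMatches)
    {
        return Ok(new UserResponse { UserName = "", Token = "" });
    }

    var tokenHandler = new JwtSecurityTokenHandler();
    // NOTE(review): if _appSettings.Secret also signs login tokens, a reset token
    // could be accepted wherever a login token is validated. Confirm the validators
    // distinguish the two (dedicated key, audience, or purpose claim).
    var key = Encoding.ASCII.GetBytes(_appSettings.Secret);
    var tokenDescriptor = new SecurityTokenDescriptor
    {
        Subject = new ClaimsIdentity(new Claim[]
        {
            new Claim(ClaimTypes.Email, userModel.Email)
        }),
        Expires = DateTime.UtcNow.AddMinutes(5),
        SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature)
    };
    var token = tokenHandler.CreateToken(tokenDescriptor);
    var tokenString = tokenHandler.WriteToken(token);

    // NOTE(review): the link base is a hard-coded plain-http localhost URL; it
    // should come from configuration and use https outside development.
    // The send result is not acted on, so the response does not reveal whether
    // delivery succeeded.
    _ = _share.SendEmail(
        _share.GetConfigKey("EmailFrom"),
        userModel.Email,
        "Trojantrading Password Reset",
        string.Format("Click url below to reset password:\r\n\r\n{0}", "http://localhost:56410/recover/" + tokenString));

    // Token stays empty: returning it here would let the caller reset the
    // password without ever reading the e-mail.
    return Ok(new UserResponse
    {
        UserId = userModel.Id,
        UserName = userModel.Account,
        Token = ""
    });
}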