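/// <summary>
/// Creates a login ticket through <c>UserManager.CreateLoginTicket</c> and returns it in an
/// <see cref="ApiResponse{T}"/> after clearing the credential-related fields.
/// </summary>
/// <param name="rq">Login ticket request; passed unchanged to the user manager.</param>
/// <returns>
/// Response code "OK" with the scrubbed ticket in <c>Content</c> when a ticket with a user was
/// produced; otherwise code "AD" and message "Access Denied" with <c>Content</c> set to null.
/// </returns>
/// <remarks>
/// The method fails closed. A missing ticket, a ticket without a user, or any exception yields
/// the same denied response, and a denied response never carries ticket data.
/// </remarks>
public ApiResponse<SecureTokenInfo> CreateLoginTicket(CreateLoginTicketRq rq)
{
    const string deniedCode = "AD";
    const string deniedMessage = "Access Denied";

    string rsCode = "OK", rsMessage = string.Empty;
    SecureTokenInfo payload = null;

    try
    {
        // "s9" is handed to the UserManager constructor; its meaning is not visible in this block.
        using (var dbUsers = new UserManager("s9"))
        {
            //if (MembershipContext.Current.Identity == null) return;
            payload = dbUsers.CreateLoginTicket(rq);

            if (payload == null || payload.User == null)
            {
                // A ticket without a user used to fail with a NullReferenceException below, after
                // which the half-scrubbed ticket was still returned next to "Access Denied".
                // Deny explicitly and drop the ticket instead.
                payload = null;
                rsCode = deniedCode;
                rsMessage = deniedMessage;
            }
            else
            {
                // Clear fields that must not leave the server.
                // NOTE(review): this is a deny-list; any sensitive member added to SecureTokenInfo
                // or its User later is returned to the caller unless it is also cleared here.
                // Mapping to a dedicated response type would make exposure opt-in.
                payload.Id = 0;
                payload.ProofSuffix = null;
                payload.User.Password = null;
                payload.User.PasswordAnswer = null;
                payload.User.PasswordQuestion = null;
            }
        }
    }
    catch (Exception ex)
    {
        // NOTE(review): the exception is still not logged; pass `ex` to the project's logger so
        // failed ticket requests remain visible to operations and detection.

        // The ticket may already be assigned and only partly scrubbed when the exception is
        // raised, so discard it: a denied response must not contain token or user data.
        payload = null;
        rsCode = deniedCode;
        rsMessage = deniedMessage;
    }

    return new ApiResponse<SecureTokenInfo>
    {
        Content = payload,
        ResponseCode = rsCode,
        ResponseMessage = rsMessage
    };
}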