public ActionResult Manage(LocalPasswordModel model) { bool hasLocalAccount = true; ViewBag.HasLocalPassword = hasLocalAccount; ViewBag.ReturnUrl = Url.Action("Manage"); if (hasLocalAccount) { if (ModelState.IsValid) { model.OldPassword = model.OldPassword.ToLower(); model.NewPassword = model.NewPassword.ToLower(); // ChangePassword will throw an exception rather than return false in certain failure scenarios. bool changePasswordSucceeded; try { changePasswordSucceeded = UserModule.ChangePassword(User.Identity.Name, model.OldPassword, model.NewPassword); } catch (Exception ex) { changePasswordSucceeded = false; } if (changePasswordSucceeded) { return(RedirectToAction("Manage", new { Message = ManageMessageId.ChangePasswordSuccess })); } else { ModelState.AddModelError("", "The current password is incorrect or the new password is invalid."); } } } else { // User does not have a local password so remove any validation errors caused by a missing // OldPassword field ModelState state = ModelState["OldPassword"]; if (state != null) { state.Errors.Clear(); } if (ModelState.IsValid) { try { WebSecurity.CreateAccount(User.Identity.Name, model.NewPassword); return(RedirectToAction("Manage", new { Message = ManageMessageId.SetPasswordSuccess })); } catch (Exception e) { ModelState.AddModelError("", e); } } } // If we got this far, something failed, redisplay form return(View(model)); }