public ActionResult ForgotPassword(FormCollection form) { string email = form["email"].ToString(); var usr = _usrService.GetUserProfile(email); if (ModelState.IsValid) { if (usr == null) { // Don't reveal that the user does not exist or is not confirmed return(View("Login")); } string passwordKey = KeyGenerator.GetUniqueKey(8); usr.PassWord = passwordKey; _usrService.SaveUserProfil(usr); string message = _emailService.ForgotPasswordContent(usr.PassWord); _emailService.SendEmail(usr.Email, "Password Recovery", message); return(RedirectToAction("ForgotPassword", "Account")); } // If we got this far, something failed, redisplay form return(View("Login")); }