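/// <summary>
/// Deletes the staff record and the auth-repository entry for <paramref name="username"/>,
/// but only when the caller's "sub" claim resolves to a staff member whose isAdmin flag is set.
/// </summary>
/// <param name="username">Account to delete; must not be null.</param>
/// <returns>
/// 200 "User Deleted" on success; 401 when the request principal carries no usable "sub" claim;
/// 400 for a null username, a caller that is not an admin, or any exception raised by the
/// lookup or the two delete calls.
/// </returns>
public IHttpActionResult DELETE(string username)
{
    // The acting user is taken from the request principal's "sub" claim, not from any
    // caller-supplied parameter. The cast yields null for a non-claims principal and
    // FindFirst yields null when the claim is absent; either case used to surface as an
    // unhandled NullReferenceException outside the try block, so reject it explicitly.
    var identity = User.Identity as ClaimsIdentity;
    var subjectClaim = identity == null ? null : identity.FindFirst("sub");
    if (subjectClaim == null || string.IsNullOrEmpty(subjectClaim.Value))
    {
        return Unauthorized();
    }

    string authenticatedUser = subjectClaim.Value;

    if (username == null)
    {
        return BadRequest("Username may not be null");
    }

    try
    {
        StaffModel caller = _staffServices.Get(authenticatedUser);

        // Authorization gate: a caller with no staff record is treated the same as a
        // non-admin instead of dereferencing null.
        // NOTE(review): 403 Forbidden is the conventional status for this outcome; 400 is
        // kept so existing clients see the same response.
        if (caller == null || !caller.isAdmin)
        {
            return BadRequest("Permission denied");
        }

        _staffServices.Delete(username);

        // NOTE(review): the two deletes are not atomic. If the second call throws, the staff
        // record is already gone while the auth entry may remain; confirm that an orphaned
        // login cannot be used.
        // NOTE(review): if AuthRepository implements IDisposable, wrap it in a using block;
        // its definition is not visible from here.
        AuthRepository authRepository = new AuthRepository();
        authRepository.Delete(username);

        return Ok("User Deleted");
    }
    catch (Exception e)
    {
        // NOTE(review): echoing e.Message hands internal error text (data-store or stack
        // details) to the client. Prefer logging the exception server-side and returning a
        // generic message; left unchanged because no logger is visible in this block.
        return BadRequest(e.Message);
    }
}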