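/// <summary>
/// Checks the e-mail/password pair from the request body and, on success, returns the
/// student's profile together with a newly created token.
/// </summary>
/// <param name="login">
/// Credentials bound from the request body. May be null when the body is missing or
/// could not be bound.
/// </param>
/// <returns>
/// 200 OK carrying a populated <see cref="LoginResponse"/> when the credentials validate
/// and the student record is found; 401 Unauthorized with no body in every other case.
/// </returns>
public IHttpActionResult Authenticate([FromBody] LoginRequest login)
{
    // A missing body and rejected credentials produce the same bare 401, so the
    // response itself does not tell the caller which part of the login was wrong.
    // NOTE(review): no throttling or lockout is visible in this method - confirm
    // failed-attempt limiting is enforced elsewhere (filter, gateway, or the
    // validateEmailPassword helper).
    if (login == null || !validateEmailPassword(login.Email, login.Password))
    {
        return Unauthorized();
    }

    // Load the profile BEFORE creating a token. If the record cannot be loaded
    // (for example it was removed between validation and lookup), no token is
    // issued and the caller gets 401 instead of a NullReferenceException
    // surfacing as HTTP 500.
    // Assumes GetByEmail returns null when nothing matches - TODO confirm.
    StudentModel student = studentHandler.GetByEmail(login.Email);
    if (student == null)
    {
        return Unauthorized();
    }

    // NOTE(review): the response carries personal data (phone number, date of
    // birth, nationality) next to the token - confirm the client needs all of
    // these fields at login time.
    var loginResponse = new LoginResponse
    {
        Token = createToken(login.Email),
        Id = student.Id,
        Email = student.Email,
        FirstName = student.FirstName,
        LastName = student.LastName,
        PhoneNumber = student.PhoneNumber,
        DateOfBirth = student.DateOfBirth,
        EducationEndDate = student.EducationEndDate,
        Nationality = student.Nationality
    };

    return Ok(loginResponse);
}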