public async Task<HttpResponseMessage> Login([FromBody] string assertion)
        {
            if (assertion == null)
            {
                return new HttpResponseMessage(HttpStatusCode.BadRequest);
            }

            using (var client = new HttpClient())
            {
                var content = new FormUrlEncodedContent(
                        new Dictionary<string, string> {
                            { "assertion", assertion },
                            { "audience", Request.RequestUri.Host },
                        }
                    );
                var result = await client.PostAsync("https://verifier.login.persona.org/verify", content);
                result.EnsureSuccessStatusCode();
                var stringresult = await result.Content.ReadAsStringAsync();
                dynamic jsonresult = JsonConvert.DeserializeObject<dynamic>(stringresult);
                if (jsonresult.status == "okay")
                {
                    string email = jsonresult.email;

                    string userName = null;
                    if (User.Identity.IsAuthenticated)
                    {
                        userName = User.Identity.Name;
                    }
                    else
                    {
                        userName = OAuthWebSecurity.GetUserName("Persona", email);
                        if (userName == null)
                        {
                            userName = email; // TODO: prompt for user name
                            using (UsersContext db = new UsersContext())
                            {
                                UserProfile user = db.UserProfiles.FirstOrDefault(u => u.UserName.ToLower() == userName.ToLower());
                                // Check if user already exists
                                if (user == null)
                                {
                                    // Insert name into the profile table
                                    db.UserProfiles.Add(new UserProfile { UserName = userName });
                                    db.SaveChanges();

                                }
                            }
                        }
                    }

                    OAuthWebSecurity.CreateOrUpdateAccount("Persona", email, userName);


                    FormsAuthentication.SetAuthCookie(email, false);
                    return new HttpResponseMessage(HttpStatusCode.OK);
                }
            }
            return new HttpResponseMessage(HttpStatusCode.Forbidden);
        }
        public ActionResult ExternalLoginConfirmation(RegisterExternalLoginModel model, string returnUrl)
        {
            string provider = null;
            string providerUserId = null;

            if (User.Identity.IsAuthenticated || !OAuthWebSecurity.TryDeserializeProviderUserId(model.ExternalLoginData, out provider, out providerUserId))
            {
                return RedirectToAction("Manage");
            }

            if (ModelState.IsValid)
            {
                // Insert a new user into the database
                using (UsersContext db = new UsersContext())
                {
                    UserProfile user = db.UserProfiles.FirstOrDefault(u => u.UserName.ToLower() == model.UserName.ToLower());
                    // Check if user already exists
                    if (user == null)
                    {
                        // Insert name into the profile table
                        db.UserProfiles.Add(new UserProfile { UserName = model.UserName });
                        db.SaveChanges();

                        OAuthWebSecurity.CreateOrUpdateAccount(provider, providerUserId, model.UserName);
                        OAuthWebSecurity.Login(provider, providerUserId, createPersistentCookie: false);

                        return RedirectToLocal(returnUrl);
                    }
                    else
                    {
                        ModelState.AddModelError("UserName", "User name already exists. Please enter a different user name.");
                    }
                }
            }

            ViewBag.ProviderDisplayName = OAuthWebSecurity.GetOAuthClientData(provider).DisplayName;
            ViewBag.ReturnUrl = returnUrl;
            return View(model);
        }