public ActionResult Manage(ChangePasswordModel model) { if (ModelState.IsValid) { var success = model.ConfirmPassword == model.NewPassword; var sessionInfo = _authSavingService.GetSessionInfo(); success &= _membershipEngine.ChangePassword( sessionInfo.Email, sessionInfo.SessionGuid, Request.GetClientIP(), model.OldPassword, model.NewPassword); if (success) { return(RedirectToAction("Manage", new { StatusMessage = UserMessages.PASSWORD_CHANGED })); } ModelState.AddModelError(STD_VALIDATION_MSG_KEY, UserMessages.ILLEGAL_PASSWORD); } // If we got this far, something failed, redisplay form return(View(model)); }