public IHttpActionResult AddExternalLogin(AddExternalLoginBindingModel model) { if (!ModelState.IsValid) { return(BadRequest(ModelState)); } userManagementService.SignOut(DefaultAuthenticationTypes.ExternalCookie); var ticket = userManagementService.UnprotectToken(model.ExternalAccessToken); if (ticket == null || ticket.Identity == null || (ticket.Properties != null && ticket.Properties.ExpiresUtc.HasValue && ticket.Properties.ExpiresUtc.Value < DateTimeOffset.UtcNow)) { return(BadRequest("External login failure.")); } ExternalLoginData externalData = ExternalLoginData.FromIdentity(ticket.Identity); if (externalData == null) { return(BadRequest("The external login is already associated with an account.")); } var result = userManagementService.AddLogin(User.Identity.GetUserId(), externalData.LoginProvider, externalData.ProviderKey); if (result.HasError) { return(GetErrorResult(result)); } return(Ok()); }