public ActionResult ForgotPassword(ForgotPasswordViewModel model) { if (ModelState.IsValid) { // First assume the username was typed in. var userName = model.UserNameOrEmail; var userId = _webSecurity.GetUserId(model.UserNameOrEmail); if (userId == -1) { // If the user was not found by name, assume his email was typed in. var user = _volunteerSvc.FindUserByEmail(model.UserNameOrEmail); if (user != null) { userName = user.UserName; userId = user.Id; } } // Only send email when user actually exists. For security reasons // don't show an error when the given user doesn't exist. if (userId != -1) { var volunteer = _volunteerSvc.FindByUserId(userId); if (volunteer != null) { var token = _webSecurity.GeneratePasswordResetToken(userName); // Generate the absolute Url for the password reset action. var routeValues = new RouteValueDictionary { { "token", token } }; var passwordResetLink = Url.Action("ResetPassword", "Account", routeValues, Request.Url.Scheme); var body = String.Format(@"<p>Click on the following link to reset your password: <a href='{0}'>{0}</a></p>", passwordResetLink); var message = new Message("CrisisCheckin - Password Reset", body); _messageService.SendMessage(message, volunteer); } } return(RedirectToAction("PasswordResetRequested")); } return(View(model)); }