public IHttpActionResult LoginUser(LoginRequest req) { ObjectParameter token = new ObjectParameter("token", typeof(string)); ObjectParameter change = new ObjectParameter("change", typeof(string)); if (!ModelState.IsValid) { return(BadRequest()); } LoginResponse lr = new LoginResponse(); int rc = db.loginUser(req.UserID, req.Password, req.Supplier, token, req.IPAddress, change); lr.CopyRequest(req); lr.Token = (string)token.Value; lr.Change = (string)change.Value; lr.Password = ""; return(Ok(lr)); }