public async Task <IHttpActionResult> PutEmail(JObject value) { var userId = this.GetUserId(); // TODO. Store the old confirmed email. To replace a confirmed email with an unconfirmed one is a bed idea. But we have no infrastructure currently to store an unconfirmed email temporarily. if (await OwinUserManager.IsEmailConfirmedAsync(userId)) { return(BadRequest("Unable to change a confirmed email address.")); } var email = (string)value["email"]; if (String.IsNullOrWhiteSpace(email)) { return(BadRequest()); } email = email.Trim(); var result = await OwinUserManager.SetEmailAsync(userId, email); if (result.Succeeded) { var confirmationToken = await OwinUserManager.GenerateEmailConfirmationTokenAsync(userId); var queryString = AccountUtils.GetMailLinkQueryString(confirmationToken, userId); var host = Request.RequestUri.GetComponents(UriComponents.Host, UriFormat.Unescaped); var link = "http://" + host + "/account/confirm-email?" + queryString; var displayName = this.GetUserDisplayName(); await EmailUtils.SendVerificationEmailAsync(email, displayName, link); return(StatusCode(HttpStatusCode.NoContent)); } else { return(BadRequest(result.PlainErrorMessage("Failed to change email address."))); } }