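/// <summary>
/// Changes the e-mail address of the caller's own account after re-checking the
/// caller's current password.
/// </summary>
/// <param name="id">Identifier of the account to update; must equal the authenticated user's id.</param>
/// <param name="details">Request body carrying the new e-mail address and the current password.</param>
/// <returns>
/// A 200 response whose body is the updated profile and whose Location header
/// points at <c>/api/account/{id}</c>.
/// </returns>
/// <exception cref="HttpResponseException">
/// 400 when the body is missing, the new e-mail is empty or model validation failed;
/// 403 when <paramref name="id"/> is not the caller's own id or the password check fails;
/// 404 when no profile or no credentials record exists for the account.
/// </exception>
public HttpResponseMessage UpdateProfileEmail(string id, [FromBody] AccountDetailsModel details)
{
    // A missing or unparseable body binds [FromBody] to null; reject it as a bad
    // request instead of letting the dereference below fail with a server error.
    if (details == null || string.IsNullOrEmpty(details.Email) || !ModelState.IsValid)
    {
        throw new HttpResponseException(new HttpResponseMessage(HttpStatusCode.BadRequest));
    }

    // Object-level authorization: a caller may only modify their own account.
    if (User.Identity.UserId() != id)
    {
        throw new HttpResponseException(new HttpResponseMessage(HttpStatusCode.Forbidden));
    }

    IUser profile = repository.GetUser(id);
    if (profile == null)
    {
        // No such user
        throw new HttpResponseException(new HttpResponseMessage(HttpStatusCode.NotFound));
    }

    // The user must supply the current password to change the e-mail address, so a
    // borrowed or stolen session alone cannot redirect the account to a new address.
    // NOTE(review): SignIn is used here purely as a credential check; confirm it has
    // no side effects (new session, login audit entry) and that failed attempts are
    // rate limited or locked out the same way as on the login endpoint.
    try
    {
        accountBusiness.SignIn(profile.Email, details.Password);
    }
    catch (InvalidEmailOrPasswordException)
    {
        throw new HttpResponseException(new HttpResponseMessage(HttpStatusCode.Forbidden));
    }

    // Credentials are looked up by the current e-mail, before it is overwritten.
    Domain.ICredentials credentials = repository.GetCredentials(profile.Email);
    if (credentials == null)
    {
        // No credentials record for this user; reported as "not found" as well.
        throw new HttpResponseException(new HttpResponseMessage(HttpStatusCode.NotFound));
    }

    // NOTE(review): nothing visible here checks that the new address is unused by
    // another account or that the caller controls it; confirm that is enforced
    // elsewhere (model validation, repository constraint, confirmation mail).
    profile.Email = details.Email;
    credentials.Email = details.Email;

    // Save
    // NOTE(review): two separate Save calls; if the second one fails the profile and
    // the credentials disagree on the e-mail. Confirm the repository makes this atomic.
    repository.Save(profile);
    repository.Save(credentials);

    // NOTE(review): the whole IUser is serialized into the response body; verify it
    // exposes no fields the client should not see.
    HttpResponseMessage response = Request.CreateResponse(HttpStatusCode.OK, profile);
    response.Headers.Location = new Uri(Request.RequestUri, "/api/account/" + id);
    return response;
}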