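/// <summary>
/// Changes the signed-in user's password after re-verifying the current one.
/// </summary>
/// <param name="model">Posted form carrying the old and new password.</param>
/// <returns>
/// A redirect to <c>PasswordChangeSuccess</c> when the password was changed;
/// a redirect to <c>Home/Index</c> (after sign-out) when the failure threshold
/// is reached and the account is locked; otherwise the form view again with
/// the model errors that were added.
/// </returns>
/// <remarks>
/// The body contains no <c>await</c>; every repository call is synchronous, so
/// the method completes synchronously despite its async signature.
/// NOTE(review): this action changes a credential, so it is expected to be
/// POST-only, authorized and protected by an anti-forgery token. Any attributes
/// sit outside this block; confirm they are present.
/// NOTE(review): whether <c>ResetPassword</c> clears the failed-attempt counter
/// or invalidates other sessions is not visible here; verify in the repository.
/// </remarks>
public async Task<ActionResult> ChangePassword(ChangePasswordViewModel model)
{
    // Number of recorded failures at which the next wrong password locks the account.
    const int lockoutThreshold = 4;
    const string genericFailureMessage = "Password change failed!";

    if (!ModelState.IsValid)
    {
        return View(model);
    }

    // The identity's user id is what the repository uses as the account key (an e-mail).
    var email = User.Identity.GetUserId();

    if (_authRepository.Validate(email, model.OldPassword))
    {
        var result = _authRepository.ResetPassword(email, model.NewPassword);
        if (result.Success)
        {
            return RedirectToAction("PasswordChangeSuccess");
        }

        ModelState.AddModelError("", result.Message);
        return View(model);
    }

    // 'Old Password' was incorrect.
    var user = _authRepository.GetUserAccount(email);

    // A missing account record used to throw a NullReferenceException; treat it
    // as an ordinary failure and reveal nothing beyond the generic message.
    if (user == null || !user.LockoutEnabled)
    {
        // Previously no error was added when lockout was disabled, so the form
        // was redisplayed with no indication that the change had been rejected.
        ModelState.AddModelError("", genericFailureMessage);
        return View(model);
    }

    // Compare with >= rather than ==: if the counter ever passes the threshold
    // (for example because another code path also increments it), an equality
    // test would never match again and the account could no longer be locked.
    if (user.AccessFailedCount >= lockoutThreshold)
    {
        // Lock the account (the original comment states 5 minutes; the duration
        // is decided by the repository) and end the current session, since the
        // holder of the session could not prove knowledge of the password.
        _authRepository.LockAccount(user.Email);
        HttpContext.GetOwinContext().Authentication.SignOut();
        return RedirectToAction("Index", "Home");
    }

    // Record the failed attempt so that repeated guesses reach the threshold.
    _authRepository.FailedPasswordAttempt(user.Email, user.AccessFailedCount + 1);
    ModelState.AddModelError("", genericFailureMessage);
    return View(model);
}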