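/// <summary>
/// Authenticates a caller from the <c>username</c> and <c>password</c> request headers.
/// Returns a JWT directly, or starts the e-mail confirmation step when the account has
/// two-factor authentication enabled.
/// </summary>
/// <param name="message">Incoming request; the credentials are read from its headers.</param>
/// <returns>
/// <c>400 Bad Request</c> with the message from <c>CheckHeaders</c> when header validation fails;
/// <c>401 Unauthorized</c> when <c>VerifyUser</c> rejects the credentials or no matching user row is found;
/// <c>201 Created</c> with the token produced by <c>SendMail</c> when 2FA is enabled;
/// otherwise <c>200 OK</c> with the token from <c>JwtManager.GenerateToken</c>.
/// </returns>
/// <remarks>
/// NOTE(review): credentials arrive in custom headers, which access logs and intermediaries
/// commonly record. Confirm this endpoint is TLS-only and that these headers are excluded from logging.
/// NOTE(review): no throttling or lockout is visible in this method. Confirm failed attempts
/// are rate-limited in <c>VerifyUser</c> or upstream.
/// </remarks>
public IHttpActionResult Login(HttpRequestMessage message)
{
    if (!CheckHeaders(message, out string responseMessage))
    {
        return BadRequest(responseMessage);
    }

    // Presumably CheckHeaders guarantees both headers exist; GetValues throws when a header is absent.
    var username = message.Headers.GetValues("username").FirstOrDefault();
    var password = message.Headers.GetValues("password").FirstOrDefault();

    if (!VerifyUser(username, password))
    {
        return Unauthorized();
    }

    // One lookup for both fields, so the 2FA decision and the user id come from the same row.
    var account = db.User
        .Where(x => x.Username == username)
        .Select(x => new { x.UserId, x.TwoFaEnabled })
        .FirstOrDefault();

    // Fail closed: if the row is missing (e.g. removed after VerifyUser ran), do not mint
    // a token for the default user id 0 or silently skip the second factor.
    if (account == null)
    {
        return Unauthorized();
    }

    int userId = account.UserId;
    bool twoFactorEnabled = account.TwoFaEnabled;

    if (!twoFactorEnabled)
    {
        string token = JwtManager.GenerateToken(userId);
        return Ok(token);
    }

    // NOTE(review): the sid is an int. Confirm GenerateConfirmationSid uses a cryptographic RNG
    // and that the stored sid is short-lived and single-use.
    int sid = JwtManager.GenerateConfirmationSid();
    SaveAuthToken(userId, sid);

    // NOTE(review): confirm the token returned by SendMail is only a pending-confirmation token
    // and grants no access until the sid is confirmed; otherwise the second factor adds nothing.
    SendMail(userId, sid, out string pendingToken);
    return Created("Created", pendingToken);
}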