public void ChangePassword(string forChange, [FromBody] string newPassword) { var currentEmployee = officeDB.Employees.FirstOrDefault(t => t.Login == RequestContext.Principal.Identity.Name); var employees = officeDB.Employees.FirstOrDefault(t => t.Login == forChange); if (currentEmployee == employees || employees.Security >= currentEmployee.Security) { throw new HttpResponseException(HttpStatusCode.Forbidden); } else { employees.Password = newPassword; TokenManager.CleanAllTokens(employees.Login); officeDB.SaveChangesAsync(); } }