public async Task <IActionResult> OnPostEditUser([FromBody] EditUserModel model) { var user = await _stepContext.Participants .Where(u => u.ParticipantId == model.ParticipantId) .Include(u => u.IdentityUser) .SingleOrDefaultAsync(); if (user == null) { return(BadRequest("No user found")); } if (!string.IsNullOrEmpty(model.Password)) { if (user.IdentityUser.LockoutEnd != null) { user.IdentityUser.LockoutEnd = null; await _userManager.UpdateAsync(user.IdentityUser); } await _userManager.RemovePasswordAsync(user.IdentityUser); var passwordResult = await _userManager.AddPasswordAsync(user.IdentityUser, model.Password); if (passwordResult.Errors.Any()) { var err = new Dictionary <string, string> { { "error", passwordResult.Errors.First().Description } }; return(new BadRequestObjectResult(err)); } } if (model.isAdmin != user.IsAdmin) { if (model.isAdmin) { await _userService.AddAdminAccess(user); } if (!model.isAdmin) { await _userService.RemoveAdminAccess(user); } user.IsAdmin = model.isAdmin; await _stepContext.SaveChangesAsync(); } var result = await _userManager.UpdateAsync(user.IdentityUser); if (result.Errors.Any()) { var err = new Dictionary <string, string> { { "error", result.Errors.First().Description } }; return(new BadRequestObjectResult(err)); } _logger.LogInformation($"Admin reset {user.ParticipantName} password "); var response = new Dictionary <string, string> { { "success", "User updated" } }; return(new OkObjectResult(response)); }