public IHttpActionResult GetAccessToken(string username, string password) { var user = userManager.ValidateAndReturnUser(username, password); if (user != null && !user.IsLockedOut) { userManager.Lock(user.Id, false); var userId = user.Id; var clientId = user.ClientId; var newToken = tokenGenerator.GetToken(userId); var accessTokenForClient = new AcccessTokenForClient(newToken, (int)clientId); return(Ok(accessTokenForClient)); } else { return(Unauthorized()); } }