public async Task<ActionResult> ForgotPassword(ForgotPasswordViewModel model) { if (ModelState.IsValid) { var user = await _userManager.FindByNameAsync(model.Email.TrimEnd()); if (user == null || !await _userManager.IsEmailConfirmedAsync(user.Id)) { // Don't reveal that the user does not exist or is not confirmed return View("ForgotPasswordConfirmation"); } } // If we got this far, something failed, redisplay form return View(model); }