public async Task <IActionResult> SetPassword([FromRoute] string userId, [FromBody] SetPasswordRequest request) { var user = await _dbContext.Users.SingleOrDefaultAsync(x => x.Id == userId); if (user == null) { return(NotFound()); } var hasPassword = await _userManager.HasPasswordAsync(user); IdentityResult result; if (hasPassword) { result = await _userManager.RemovePasswordAsync(user); if (!result.Succeeded) { return(BadRequest(result.Errors.ToValidationProblemDetails())); } } result = await _userManager.AddPasswordAsync(user, request.Password); if (!result.Succeeded) { return(BadRequest(result.Errors.ToValidationProblemDetails())); } if (request.ChangePasswordAfterFirstSignIn.HasValue && request.ChangePasswordAfterFirstSignIn.Value == true) { await _userManager.SetPasswordExpiredAsync(user, true); } return(Ok()); }