public IHttpActionResult RestorePassword(RestorePasswordDTO model) { var currentUser = UserManager.FindByEmail(model.Email); if (currentUser == null) { HttpCode(HttpStatusCode.Forbidden); HttpMessage("User with this email address not finded"); return(Ok()); } var confimationToken = UserManager.GeneratePasswordResetToken(currentUser.Id); var newPassword = System.Web.Security.Membership.GeneratePassword(6, 0); UserManager.ResetPassword(currentUser.Id, confimationToken, newPassword); _messageService.AddRestorePasswordMessage(currentUser, newPassword); HttpCode(HttpStatusCode.OK); return(Ok()); }