/// <summary>
/// Handles an e-mail confirmation link: looks the user up by name, asks
/// <c>UserService</c> to confirm the supplied token, sends the follow-up
/// notifications and renders the result.
/// </summary>
/// <param name="username">Name of the account whose e-mail address is being confirmed.</param>
/// <param name="token">Confirmation token from the link; a null or empty value yields a 404.</param>
/// <returns>
/// <c>HttpNotFound()</c> when the token is missing or no user matches <paramref name="username"/>;
/// otherwise the view bound to an <c>EmailConfirmationModel</c> describing the outcome.
/// </returns>
public virtual ActionResult Confirm(string username, string token)
{
    // Login must not use this page as its return URL. Storing the key with a
    // null value (rather than omitting it) keeps "returnUrl" off the Login link.
    ViewData[Constants.ReturnUrlViewDataKey] = null;

    if (String.IsNullOrEmpty(token))
    {
        return HttpNotFound();
    }

    // NOTE(review): an unknown username returns 404 while a known username with
    // a rejected token renders the view below, so the two cases are
    // distinguishable to the caller. Confirm that difference is acceptable.
    var account = UserService.FindByUsername(username);
    if (account == null)
    {
        return HttpNotFound();
    }

    // Read the address before ConfirmEmailAddress runs; presumably a successful
    // confirmation replaces user.EmailAddress. Verify against UserService.
    string previousEmail = account.EmailAddress;
    bool isNewAccount = String.IsNullOrEmpty(previousEmail);

    // Token validation is delegated entirely to UserService.ConfirmEmailAddress.
    bool confirmed = UserService.ConfirmEmailAddress(account, token);

    var model = new EmailConfirmationModel
    {
        ConfirmingNewAccount = isNewAccount,
        SuccessfulConfirmation = confirmed
    };

    // Mail is sent only after a successful confirmation, so this action cannot
    // be used to spam people with arbitrary username/token pairs.
    if (confirmed)
    {
        if (Config.ConfirmationsViaAdminEmail)
        {
            MessageService.SendAdminApprovedAccountVerifiedEmail(new MailAddress(account.EmailAddress), account.Username);
        }

        // A brand-new account has no previous address to notify.
        if (!isNewAccount)
        {
            MessageService.SendEmailChangeNoticeToPreviousEmailAddress(account, previousEmail);
        }
    }

    return View(model);
}