In this article I am going to discuss how to implement change password in the ASP.NET Core Identity API. In my previous article I discussed how to block login if the email is not confirmed in ASP.NET Core Identity. To implement change password in ASP.NET Core Identity you have to do two things: first, check whether the user is real by asking for the old password; second, if the old password is right, let the user enter a new password.

Who can Change the Password?

Only a logged-in user can change their password, so to change the password you have to remember your old password. There is one more case: when you forget your password. That case is called reset password or forgot password, and to implement it you must have a confirmed email, because the password reset link is sent to your email. Here we are implementing change password in ASP.NET Core Identity, so we have to remember our password.

How to Implement Change Password in ASP.NET Core Identity?

In ASP.NET Core Identity we can change a password with the built-in Identity method, which takes three parameters: the user, the old password and the new password. We call this method through the userManager. To use the userManager you have to initialize it and add it as a parameter in the constructor.

var result = await _userManager.ChangePasswordAsync(user, model.OldPassword, model.NewPassword);

Now it's time to add the change password method to our code. I have added this method in my service; you can also call it directly in the controller, but that is not always good practice. So try to put your logic in your service to handle it properly.

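public async Task<bool> ChangePassword(ChangePasswordRequestTypeViewModel model)
{
    // Look up the account by the email supplied in the request.
    var user = await _userManager.FindByEmailAsync(model.Email);
    if (user == null)
    {
        // Unknown email: ChangePasswordAsync throws on a null user, so fail here.
        return false;
    }

    // Verifies OldPassword against the stored hash, then sets NewPassword.
    var res = await _userManager.ChangePasswordAsync(user, model.OldPassword, model.NewPassword);
    return res.Succeeded;
}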

In the above code I first get the user by email and then call the method to change the password, passing the arguments. If the password is changed successfully it returns true; otherwise it returns false. It takes this type of request view model:

public class ChangePasswordRequestTypeViewModel
{
    public string Email { get; set; }
    public string OldPassword { get; set; }
    public string NewPassword { get; set; }
}

Now you have to call this service in your controller. I have put my service behind IAccountService, so I call the ChangePassword method through accountService as shown below:

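        [Authorize] // Only a logged-in user may change a password (needs Microsoft.AspNetCore.Authorization).
        [HttpPost("changePassword")]
        public async Task<IActionResult> ChangePassword(ChangePasswordRequestTypeViewModel model)
        {
            try
            {
                // The service returns true when the password was changed, false otherwise.
                var res = await _accountService.ChangePassword(model);
                return Ok(res);
            }
            catch (Exception ex)
            {
                // ex.Message goes back to the caller as-is; keep internal details out of it.
                return BadRequest(ex.Message + " at ChangePassword");
            }
        }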
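
The action above changes the password of whichever account the Email field in the request body names. The following is an added example, not the article's own code, of the same endpoint taking the account from the authenticated principal instead, so a caller can only change their own password. Assumptions: the user type is IdentityUser, ChangeOwnPasswordRequest is a hypothetical model name, and the authentication scheme in use issues the user-id claim that GetUserAsync reads.

```csharp
using System.ComponentModel.DataAnnotations;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;

// Hypothetical request model: no Email field, so the caller cannot name a target account.
public class ChangeOwnPasswordRequest
{
    [Required] public string OldPassword { get; set; }
    [Required] public string NewPassword { get; set; }
}

[ApiController]
[Route("api/[controller]")]
public class AccountController : ControllerBase
{
    // Assumption: the application uses the default IdentityUser type.
    private readonly UserManager<IdentityUser> _userManager;

    public AccountController(UserManager<IdentityUser> userManager)
    {
        _userManager = userManager;
    }

    [Authorize] // Anonymous callers are rejected before any password check runs.
    [HttpPost("changePassword")]
    public async Task<IActionResult> ChangePassword(ChangeOwnPasswordRequest model)
    {
        // Resolve the account from the authenticated principal, not from request data.
        var user = await _userManager.GetUserAsync(User);
        if (user == null)
        {
            return Unauthorized();
        }

        var result = await _userManager.ChangePasswordAsync(user, model.OldPassword, model.NewPassword);
        if (!result.Succeeded)
        {
            // IdentityError descriptions cover a wrong old password and password-policy failures.
            return BadRequest(result.Errors.Select(e => e.Description));
        }
        return NoContent();
    }
}
```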

Conclusion

In this article we discussed how to implement change password with a Web API. Try to implement it on your own for better understanding. In my next article I am going to discuss how to implement forgot password in ASP.NET Core Identity with a Web API.