If you're using IdentityServer, you could either redirect the user to the default management area at
/Identity/Account/Manage/ChangePassword
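Or you could post both the old and new passwords to your API endpoint (over HTTPS, on an endpoint that requires an authenticated user), look up the currently logged-in user in the API controller, and then let the UserManager verify the old password and set the new one. The UserManager never hands the stored password back; it only checks the old password you supply against it.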
You'd need to inject UserManager
// Identity user store facade, supplied by dependency injection and used by the actions below.
private readonly UserManager<ApplicationUser> _userManager;

/// <summary>
/// Creates the controller and keeps the injected <see cref="UserManager{TUser}"/> for later use.
/// </summary>
/// <param name="userManager">The user manager resolved from the service container.</param>
public YourControllerName(UserManager<ApplicationUser> userManager) => _userManager = userManager;
Then something along these lines should work. The password model would just be a model that contains your new and old password. Probably the same Model you'd be using in your EditForm within your Blazor component.
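/// <summary>
/// Changes the password of the user identified by the caller's own claims.
/// </summary>
/// <param name="passwordModel">Request body carrying the caller's current password and the desired new password.</param>
/// <returns>
/// 200 when the password was changed; 400 when the body is missing or invalid, or when the
/// UserManager rejects the change; 401 when the request carries no NameIdentifier claim;
/// 404 when no user matches that claim.
/// </returns>
/// <remarks>
/// NOTE(review): this action should only be reachable by authenticated callers. Confirm that the
/// controller or this action carries [Authorize]; the claim check below is a fallback, not a substitute.
/// </remarks>
[HttpPost]
[Route("resetpassword")] // Whatever your route path is
public async Task<IActionResult> UpdatePasswordAsync([FromBody] PasswordModel passwordModel)
{
    // A missing body would otherwise be dereferenced further down.
    if (passwordModel == null || !ModelState.IsValid)
    {
        return StatusCode(StatusCodes.Status400BadRequest);
    }

    // The account to change is taken from the caller's claims, never from the request body,
    // so one user cannot name another user's account. An anonymous request has no such claim;
    // answer 401 instead of throwing a NullReferenceException on a missing claim.
    var userId = User?.FindFirst(ClaimTypes.NameIdentifier)?.Value;
    if (string.IsNullOrEmpty(userId))
    {
        return StatusCode(StatusCodes.Status401Unauthorized);
    }

    var user = await _userManager.FindByIdAsync(userId);
    if (user == null)
    {
        return StatusCode(StatusCodes.Status404NotFound, "User Not Found");
    }

    // ChangePasswordAsync is given the old password as well as the new one, so the caller must
    // prove knowledge of the current password. Never log or echo either value.
    var changePasswordResult = await _userManager.ChangePasswordAsync(user, passwordModel.OldPassword, passwordModel.NewPassword);
    if (!changePasswordResult.Succeeded)
    {
        // A failed result typically means a wrong old password or a new password that fails policy,
        // i.e. a client error. Reporting it as 400 keeps these attempts out of server-fault metrics.
        return StatusCode(StatusCodes.Status400BadRequest, "Password Reset Unsuccessful");
    }

    return Ok();
}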