diff --git a/Marco.Pms.Model/Dtos/Authentication/ChangePasswordDto.cs b/Marco.Pms.Model/Dtos/Authentication/ChangePasswordDto.cs
new file mode 100644
index 0000000..95177a3
--- /dev/null
+++ b/Marco.Pms.Model/Dtos/Authentication/ChangePasswordDto.cs
@@ -0,0 +1,17 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace Marco.Pms.Model.Dtos.Authentication
+{
+ public class ChangePasswordDto
+ {
+ public string? Email { get; set; }
+
+ public string? OldPassword { get; set; }
+
+ public string? NewPassword { get; set; }
+ }
+}
diff --git a/Marco.Pms.Services/Controllers/AuthController.cs b/Marco.Pms.Services/Controllers/AuthController.cs
index c8eac0c..98a49c3 100644
--- a/Marco.Pms.Services/Controllers/AuthController.cs
+++ b/Marco.Pms.Services/Controllers/AuthController.cs
@@ -8,9 +8,11 @@ using Marco.Pms.Model.Entitlements;
 using Marco.Pms.Model.Utilities;
 using MarcoBMS.Services.Helpers;
 using MarcoBMS.Services.Service;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Identity;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.EntityFrameworkCore;
+using NuGet.Common;
 
 namespace MarcoBMS.Services.Controllers
 {
@@ -19,6 +21,7 @@ namespace MarcoBMS.Services.Controllers
 public class AuthController : ControllerBase
 {
 private readonly UserManager _userManager;
+ private readonly UserHelper _userHelper;
 private readonly ApplicationDbContext _context;
 private readonly JwtSettings _jwtSettings;
 private readonly RefreshTokenService _refreshTokenService;
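Review bot: ChangePasswordDto's three properties are nullable and carry no validation attributes, so model binding accepts an empty body and every emptiness check is pushed into the controller. Adding `[Required]` to `OldPassword` and `NewPassword` (and `[EmailAddress]` to `Email` if that field is kept) from `System.ComponentModel.DataAnnotations` would let the framework reject malformed requests before the handler runs, assuming the consuming controller is marked `[ApiController]`. The `System.Collections.Generic`, `System.Linq`, `System.Text` and `System.Threading.Tasks` usings are unused template residue and can be dropped.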
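Review bot: `using NuGet.Common;` is added to the controller, but nothing in the visible hunks references a type from that namespace, so it looks like an accidental IDE auto-import and it ties a web controller to the NuGet client assembly. Remove the line unless a part of the file outside this diff depends on it. `using Microsoft.AspNetCore.Authorization;` is needed for the new `[Authorize]` attribute and should stay.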
@@ -27,7 +30,7 @@ namespace MarcoBMS.Services.Controllers
 private readonly EmployeeHelper _employeeHelper;
 //string tenentId = "1";
 public AuthController(UserManager userManager, ApplicationDbContext context, JwtSettings jwtSettings, RefreshTokenService refreshTokenService,
- IEmailSender emailSender, IConfiguration configuration, EmployeeHelper employeeHelper)
+ IEmailSender emailSender, IConfiguration configuration, EmployeeHelper employeeHelper, UserHelper userHelper)
 {
 _userManager = userManager;
 _jwtSettings = jwtSettings;
@@ -36,6 +39,7 @@ namespace MarcoBMS.Services.Controllers
 _configuration = configuration;
 _employeeHelper = employeeHelper;
 _context = context;
+ _userHelper= userHelper;
 }
 
 [HttpPost("login")]
@@ -313,5 +317,52 @@ namespace MarcoBMS.Services.Controllers return Ok(ApiResponse.SuccessResponse(new { }, "Password reset link sent.", 200)); } + + + [Authorize] + [HttpPost("change-password")] + public async Task ChangePassword([FromBody] ChangePasswordDto changePassword ) + { + + try + { + var loggedUser = await _userHelper.GetCurrentUserAsync(); + if (changePassword.Email == null) + { + return BadRequest(ApiResponse.ErrorResponse("Email is missing", "Email is missing",400)); + } + ApplicationUser? requestedUser = await _userManager.FindByEmailAsync(changePassword.Email); + bool IsOldPassword = await _userManager.CheckPasswordAsync(requestedUser ?? new ApplicationUser(), changePassword.OldPassword ?? string.Empty); + if (requestedUser != null && loggedUser?.Email == requestedUser?.Email && IsOldPassword) + { + var token = await _userManager.GeneratePasswordResetTokenAsync(requestedUser ?? new ApplicationUser()); + + var result = await _userManager.ResetPasswordAsync(requestedUser ?? new ApplicationUser(), token, changePassword.NewPassword ?? string.Empty); + + + if (!result.Succeeded) + { + var errors = result.Errors.Select(e => e.Description).ToList(); + return BadRequest(ApiResponse.ErrorResponse("Failed to Change password", errors, 400)); + } + + + Employee emp = await _employeeHelper.GetEmployeeByApplicationUserID(loggedUser?.Id ?? string.Empty); + await _emailSender.SendResetPasswordSuccessEmail(loggedUser?.Email ?? string.Empty, emp.FirstName + " " + emp.LastName); + + return Ok(ApiResponse.SuccessResponse(result.Succeeded, "Password Changed successfully.", 200)); + + } + + return BadRequest(ApiResponse.ErrorResponse("Incorrect Password and Email", "Invalid request.", 400)); + + } + catch(Exception exp) + { + return StatusCode(500, ApiResponse.ErrorResponse("An unexpected error occurred.", exp.Message, 500)); + } + + } + } }
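Review bot: The new ChangePassword action verifies `OldPassword` against whatever account `Email` names (`FindByEmailAsync` followed by `CheckPasswordAsync`) before it checks that the account is the caller's, so any authenticated user can test passwords against other accounts through this endpoint, and `UserManager.CheckPasswordAsync` does not record lockout failures the way `SignInManager` does, so nothing throttles that. Since the endpoint is `[Authorize]`d, act on `loggedUser` alone and replace the reset-token detour (`GeneratePasswordResetTokenAsync` + `ResetPasswordAsync` on a `?? new ApplicationUser()` placeholder) with `_userManager.ChangePasswordAsync(loggedUser, oldPassword, newPassword)`, which verifies the current password and writes the new hash in one call. The catch block returns `exp.Message` to the client; log it server-side and return a fixed message instead. Two smaller points: if `GetEmployeeByApplicationUserID` can return null, the e-mail line throws after the password has already been changed and the caller gets a 500 for a change that succeeded, and a successful change should presumably also revoke the user's outstanding refresh tokens through `_refreshTokenService`, whose API is not visible here, so confirm. The rewritten head of the method is below; the employee lookup, success e-mail and Ok response are unchanged.
```csharp
[Authorize]
[HttpPost("change-password")]
public async Task ChangePassword([FromBody] ChangePasswordDto changePassword)
{
    try
    {
        var loggedUser = await _userHelper.GetCurrentUserAsync();
        if (loggedUser == null)
        {
            return Unauthorized(ApiResponse.ErrorResponse("Invalid request.", "Invalid request.", 401));
        }
        if (string.IsNullOrEmpty(changePassword.OldPassword) || string.IsNullOrEmpty(changePassword.NewPassword))
        {
            return BadRequest(ApiResponse.ErrorResponse("Password is missing", "Password is missing", 400));
        }

        // Only the authenticated user's own password can be changed; Email in the body is not consulted,
        // so the endpoint cannot be used to probe other accounts' passwords.
        var result = await _userManager.ChangePasswordAsync(loggedUser, changePassword.OldPassword, changePassword.NewPassword);
        if (!result.Succeeded)
        {
            // Covers both a wrong current password (PasswordMismatch) and a new password that fails policy.
            var errors = result.Errors.Select(e => e.Description).ToList();
            return BadRequest(ApiResponse.ErrorResponse("Failed to Change password", errors, 400));
        }

        // … unchanged: employee lookup, SendResetPasswordSuccessEmail, return Ok(...) …
    }
    catch (Exception exp)
    {
        // Do not echo exception details to the caller; log exp here (no logger is visible in this hunk).
        return StatusCode(500, ApiResponse.ErrorResponse("An unexpected error occurred.", "Invalid request.", 500));
    }
}
```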