DataProtectionProvider in the Identity sample project

The official Identity 2 sample project has the code below in UserManager.Create()

public static UserManager Create(IdentityFactoryOptions<UserManager> options, IOwinContext context) {

  //...etc...

  // --- what does this block do? ---
  var dataProtectionProvider = options.DataProtectionProvider;
  if (dataProtectionProvider != null) {
    manager.UserTokenProvider = new DataProtectorTokenProvider<User>(dataProtectionProvider.Create("ASP.NET Identity"));
  }
  // --------------------------------

  //...etc...

}

The alpha/beta/RTM Identity documentation is bad or non-existent.

What does this do?

h bob asked Sep 05 '14 11:09


1 Answer

The protection provider in the following line is used as a token provider/generator.

manager.UserTokenProvider = new DataProtectorTokenProvider<User>(dataProtectionProvider.Create("ASP.NET Identity"));

It is responsible for generating an email confirmation token or a password reset token. If you do not set this line you won't be able to use these features (an appropriate exception will be thrown). An example can be found here.

Its main purpose is to provide an implementation of the IDataProtector interface (through the Create method) which encrypts and decrypts data. An implementation for this interface in the framework is the DpapiDataProtectionProvider which should be used when the application is not hosted by ASP.NET. There are several other implementations on the web (for example one which uses the machine key for security purposes). For more information about the DataProtectorTokenProvider have a look at the MSDN documentation.

UPDATE

Extensive Data Protection documentation is now available.

Horizon_Net answered Oct 30 '22 15:10
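
Added example, not part of the original answer or the sample project: a console program showing what the IDataProtector returned by Create("ASP.NET Identity") does with a payload, and that a protector created for a different purpose, or a modified blob, is rejected. It assumes Windows (DPAPI) with the Microsoft.Owin.Security package; the app name "SampleApp", the second purpose string and the payload are constructed for illustration.

```csharp
// Added example, not from the sample project. Requires Windows (DPAPI) and the
// Microsoft.Owin.Security NuGet package. "SampleApp" and the payload are constructed.
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using Microsoft.Owin.Security.DataProtection;

static class ProtectorDemo
{
    // Returns true only if the protector accepts the blob and yields the expected plaintext.
    static bool TryUnprotect(IDataProtector protector, byte[] blob, byte[] expected)
    {
        try
        {
            return protector.Unprotect(blob).SequenceEqual(expected);
        }
        catch (CryptographicException)
        {
            return false; // blob was not produced by this protector, or was modified
        }
    }

    static void Main()
    {
        // Provider to use when the application is not hosted by ASP.NET.
        var provider = new DpapiDataProtectionProvider("SampleApp");

        // Same purpose string the sample project passes to Create().
        IDataProtector identity = provider.Create("ASP.NET Identity");
        // Protector for an unrelated feature of the same application (hypothetical purpose).
        IDataProtector other = provider.Create("Unrelated feature");

        byte[] payload = Encoding.UTF8.GetBytes("constructed token payload");
        byte[] blob = identity.Protect(payload);

        // Tampered copy: flip one bit in the last byte of the protected blob.
        byte[] tampered = (byte[])blob.Clone();
        tampered[tampered.Length - 1] ^= 0x01;

        Console.WriteLine("same purpose:      " + TryUnprotect(identity, blob, payload));
        Console.WriteLine("different purpose: " + TryUnprotect(other, blob, payload));
        Console.WriteLine("tampered blob:     " + TryUnprotect(identity, tampered, payload));
    }
}
```

The purpose string is part of what the protector binds to, so every place that creates or validates Identity tokens has to pass the same purpose ("ASP.NET Identity" in the sample project) to Create().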