I'm writing an MVC 5 application using Identity 2.0.
Now I'm trying to reset a password, but I always get an "invalid token" error for the password reset token.
    public class AccountController : Controller
    {
        public UserManager<ApplicationUser> UserManager { get; private set; }

        public AccountController()
            : this(new UserManager<ApplicationUser>(new UserStore<ApplicationUser>(new ApplicationDbContext())))
        {
        }
and I set the DataProtectorTokenProvider,
        public AccountController(UserManager<ApplicationUser> userManager)
        {
            // UserManager config
            userManager.PasswordValidator = new PasswordValidator { RequiredLength = 5 };
            userManager.EmailService = new IddaaWebSite.Controllers.MemberShip.MemberShipComponents.EmailService();

            var provider = new Microsoft.Owin.Security.DataProtection.DpapiDataProtectionProvider();
            userManager.UserTokenProvider =
                new Microsoft.AspNet.Identity.Owin.DataProtectorTokenProvider<ApplicationUser>(provider.Create("UserToken"))
                    as IUserTokenProvider<ApplicationUser, string>;

            UserManager = userManager;
        }
I generate the password reset token before sending the mail:
        [HttpPost]
        [ValidateAntiForgeryToken]
        public async Task<ActionResult> ManagePassword(ManageUserViewModel model)
        {
            if (Request.Form["email"] != null)
            {
                var email = Request.Form["email"].ToString();
                var user = UserManager.FindByEmail(email);
                var token = await UserManager.GeneratePasswordResetTokenAsync(user.Id);
                // mail send
            }
        }
I click the link in the mail, get the password reset token, and use

    var result = await UserManager.ResetPasswordAsync(model.UserId, model.PasswordToken, model.NewPassword);

The result is always false and it says "Invalid Token". Where should I fix it?
If you're trying to reset your password and you receive an error citing an “invalid token” or asking you for your token, it's likely that the link you clicked on to reset your password has expired. For security reasons, passwords are never sent out across the Internet.
The “Invalid Token” message indicates that a link has either been used previously, or has expired. To generate a new link, reset your password again through the main login screen. If you continue to have trouble, ensure you are referencing the most current Password Reset link.
The Invalid Token error means the login for the session you are trying to access is no longer valid. This happens in our systems due to invalid session cookies still being maintained by the browser. Please try clearing your browser's cookies for All time.
A reset token is a one-time code to verify you as the recipient of a message. It is mostly used to verify an email address as belonging to the user who entered it, or as a way of letting a user with a known email address change a forgotten password.
UserManager.GeneratePasswordResetTokenAsync() very often returns a string that contains '+' characters. If you pass parameters by query string, this is the cause (the '+' character is a space in the query string of a URL).
Try to replace space characters in model.PasswordToken with '+' characters.
    [HttpPost]
    [ValidateAntiForgeryToken]
    public async Task<ActionResult> ManagePassword(ManageUserViewModel model)
    {
        if (Request.Form["email"] != null)
        {
            var email = Request.Form["email"].ToString();
            var user = UserManager.FindByEmail(email);
            var token = await UserManager.GeneratePasswordResetTokenAsync(user.Id);
            // before sending the mail
            token = HttpUtility.UrlEncode(token);
            // mail send
        }
    }
And on the password reset action, decode the token: HttpUtility.UrlDecode(token);
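The query-string round trip the answers above refer to, as an added example (not code from the question or from either answer). It assumes a constructed Base64 string in place of a real reset token and uses HttpUtility.ParseQueryString as a stand-in for MVC's query-string binding; the class name, sample bytes and the userId/token parameter names are hypothetical.

```csharp
using System;
using System.Web; // HttpUtility

static class ResetTokenRoundTrip
{
    // Stand-in for MVC binding ?token=... from the request: one URL-decode pass.
    static string Bind(string query)
    {
        return HttpUtility.ParseQueryString(query)["token"];
    }

    static void Report(string label, string original, string received)
    {
        Console.WriteLine("{0,-28} received=\"{1}\" intact={2}",
            label, received, string.Equals(original, received, StringComparison.Ordinal));
    }

    static void Main()
    {
        // Constructed sample, not a real token: these bytes encode to "++++//4=".
        string token = Convert.ToBase64String(new byte[] { 0xFB, 0xEF, 0xBE, 0xFF, 0xFE });

        // 1. Token concatenated into the link as-is: each '+' is read back as a space.
        string raw = Bind("userId=42&token=" + token);
        Report("raw in query string", token, raw);

        // 2. Workaround from the first answer: turn the spaces back into '+'.
        Report("raw, spaces -> '+'", token, raw.Replace(' ', '+'));

        // 3. Token percent-encoded when the link is built: binding restores it exactly.
        string encoded = Bind("userId=42&token=" + HttpUtility.UrlEncode(token));
        Report("UrlEncode when building", token, encoded);

        // 4. Decoding a value that binding already decoded corrupts it again.
        Report("UrlEncode + second decode", token, HttpUtility.UrlDecode(encoded));
    }
}
```

Comparing the received value with the generated one in this way, for example by logging both lengths on the reset action, shows whether an "Invalid Token" result comes from transport corruption or from the token itself.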