Make ASP.NET Identity 2.0 Email confirm token work for WCF and MVC

Question

I have a service project (WCF) and MVC project which uses same database, to handle service part for Mobile and Interface part. I have to set up email confirmation on both.

I have used OWIN ASP.NET 2.0 library for authentication, and both projects have separate UserManagers.

For MVC

public static ApplicationUserManager Create(IdentityFactoryOptions<ApplicationUserManager> options, IOwinContext context)
{
  var dataProtectionProvider = options.DataProtectionProvider;
  if (dataProtectionProvider != null)
  {
    manager.UserTokenProvider = new DataProtectorTokenProvider<ApplicationUser>dataProtectionProvider.Create("ASP.NET"));
  }
}

For WCF

var provider = new Microsoft.Owin.Security.DataProtection.DpapiDataProtectionProvider("ASP.NET");
UserManager.UserTokenProvider =new Microsoft.AspNet.Identity.Owin.DataProtectorTokenProvider<ApplicationUser>(
provider.Create("EmailConfirm"));
var code = idManager.UserManager.GenerateEmailConfirmationToken(appuser.Id);

The Problem The email confirmation token generated in MVC works fine.

In WCF when i create an email confirmation token, it needs to be verified from MVC website. Here it gives me "Invalid Token".

I think it is due to the Token Codes not matching, I tried to make them same as i can, but don't really know which one goes where between Wcf and MVC.

btw. I am testing on localhost from Visual studio.

Answer 1

I found the solution. The problem was the DataProtectionProvider.

On MVC, it was getting from:

public static ApplicationUserManager    
    Create(IdentityFactoryOptions<ApplicationUserManager> options, IOwinContext context)
    {
      var dataProtectionProvider = **options.DataProtectionProvider**;

On WCF, it was from:

var provider = new Microsoft.Owin.Security.DataProtection.DpapiDataProtectionProvider("ASP.NET");

So I used same as WCF in MVC:

var dataProtectionProvider = new Microsoft.Owin.Security.DataProtection.DpapiDataProtectionProvider("ASP.NET");

Also, the key point is:

• Provider name. It should be the same on both.
• While creating the URL from WCF, we need to use HttpUtility.UrlEncode to encode the token code.

Example:

var code = UserManager.GenerateEmailConfirmationToken(appuser.Id);    
var callbackUrl = string.Format("http://MVCSite/Account/ConfirmEmail?userId={0}&code={1}",    HttpUtility.UrlEncode(appuser.Id), HttpUtility.UrlEncode(code));

---

Update

For anyone trying to host multiple projects, you need one of these two things to be the same to still be able to use the confirmation code:

• Application Pool
• Machine Key

Email Confirmation Error Invalid Token AspNet Identity

http://gunaatita.com/Blog/How-to-Generate-Machine-Key-using-IIS/1058