 

Token invalid on reset password with ASP.NET Identity


I've implemented ASP.NET Identity in my MVC application by copying the code from the VS 2013 templates. The basic thing is working, but I couldn't get the Reset Password to work. When I show the "forgot password" page an email is generated which contains the token. This token is returned by the method:

UserManager.GeneratePasswordResetTokenAsync(user.Id) 

When I click the link, the reset password form opens and lets the user input their email address and a new password. Then the call to the change password functionality is made:

UserManager.ResetPasswordAsync(user.Id, model.Code, model.Password); 

This looks good to me, but the result is always an "Invalid Token" and I don't get why that is.

Does anybody have an idea why it isn't working? And where the hell is the token stored? I thought it must be in the database somewhere around the AspNetUsers table...

Pramod Gehlot asked Dec 02 '14 04:12



1 Answer

The token generated by UserManager in ASP.NET Identity usually contains "+" characters, which when passed as a query string get changed into " " (a space) in the URL. In your ResetPassword ActionResult replace " " with "+" like this:

var code = model.Code.Replace(" ", "+");
// And then change the following line
UserManager.ResetPasswordAsync(user.Id, model.Code, model.Password);
// To this one so it uses the code (spaces replaced with "+") instead of model.Code
UserManager.ResetPasswordAsync(user.Id, code, model.Password);

That should do the trick. I had the same problem and found the answer here.

Mansoor answered Sep 21 '22 16:09
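The round trip described in the answer above, as an added example that is not part of the original post or of ASP.NET Identity itself: it shows a Base64 token losing its "+" characters when placed unencoded in a query string, and surviving intact when it is URL-encoded at link-generation time. The token bytes, the `app.example` URL and the `ReadCodeFromQuery` helper are constructed for illustration; the helper only mimics form-style query decoding.

```csharp
using System;
using System.Net;

static class ResetLinkDemo
{
    // Hypothetical helper: mimics form-style decoding of a query-string
    // value, where '+' is read as a space and %XX as an encoded byte.
    static string ReadCodeFromQuery(string url)
    {
        string query = url.Substring(url.IndexOf('?') + 1);
        foreach (string pair in query.Split('&'))
        {
            string[] kv = pair.Split(new[] { '=' }, 2);
            if (kv.Length == 2 && kv[0] == "code")
                return WebUtility.UrlDecode(kv[1]);
        }
        return null;
    }

    static void Main()
    {
        // Constructed stand-in for a reset token: Base64 text that contains '+'.
        string token = Convert.ToBase64String(new byte[] { 0xFB, 0xEF, 0xBE, 1, 2, 3 });

        // Constructed link with the token concatenated as-is (the failing case).
        string rawLink = "https://app.example/Account/ResetPassword?code=" + token;

        // Same link with the token URL-encoded when the e-mail is built.
        string encodedLink = "https://app.example/Account/ResetPassword?code="
                             + WebUtility.UrlEncode(token);

        string fromRaw = ReadCodeFromQuery(rawLink);
        string fromEncoded = ReadCodeFromQuery(encodedLink);

        Console.WriteLine("token sent:        [" + token + "]");
        Console.WriteLine("raw link:          " + rawLink);
        Console.WriteLine("  received:        [" + fromRaw + "] match=" + (fromRaw == token));
        Console.WriteLine("encoded link:      " + encodedLink);
        Console.WriteLine("  received:        [" + fromEncoded + "] match=" + (fromEncoded == token));

        // The workaround from the answer restores the raw-link value on the receiving side.
        string repaired = fromRaw.Replace(" ", "+");
        Console.WriteLine("after Replace:     [" + repaired + "] match=" + (repaired == token));
    }
}
```

Encoding the token where the link is generated keeps the value intact end to end, so the receiving action does not need to guess which spaces were originally "+" characters.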