Menu
I understand that token from userManager.GeneratePasswordResetToken() is used to add as a security identifier in the hyperlink to send to user on password reset request.
But I am not sure what the user of userManager.GenerateUserToken() . I am able to generate the token , but not sure if this can be converted to claims like SAML tokens and be used for authorization .
Please help me understand this as I was not able to find any good documentation regarding this .
321
The ASP.NET Identity is a fresh look at what the membership system should be when you are building modern applications for the web, phone or tablet. ASP.NET Identity allows you to add customized login/logout functionality and customized profile features that make it easy to customize the data about the logged-in user.
The security stamp is a Guid stored in the database against the user. It gets updated when certain actions take place within the Identity UserManager class and provides a way to invalidate old tokens when an account has changed.
Identity in MVC 5 Identity is a secured way of authentication methods in web applications. It is used for identifying the authorized user. Background. There are different ways of creating an Identity in applications, but this article explains how to create it using OWIN in ASP.NET MVC.
The Identity framework is another dependency that we will add to our application in the project. js file. This framework allows us to add features where users can register and log in with a local password. The framework also supports two-factor authentication, third-party identity providers and other features.
GenerateUserToken() is used to create password-reset tokens and email-confirmation tokens. This method takes string parameter purpose that is describing what sort of operation is going to happen. Effectively this purpose is an encryption key that is used to decrypt the generated token.
So you can create your own tokens for your own purposes, for example you can have ConfirmJobOffer operation in recruitment application. And you can create token just for that operation and sent the link with this token to a user:
var token = userManager.GenerateUserToken(userId, "ConfirmJobOffer");
// now send this token as part of the link
Then in controller, once the token made back to you you can call:
var tokenCorrect = await userManager.VerifyUserTokenAsync(userId, "ConfirmJobOffer", token);
if (tokenCorrect)
{
// do stuff if token is correct
}
Generally you would not use GenerateUserToken directly, unless you are doing custom tokens. You'd use GeneratePasswordResetTokenAsync and GenerateEmailConfirmationTokenAsync.
Please note: this is is not aimed to do SAML tokens or related authorization.
56
Adding to trailmax's answer...
This line from the answer has the parameter swapped:
var token = userManager.GenerateUserToken(userId, "ConfirmJobOffer");
Will generate
System.InvalidOperationException: 'UserId not found.'
It Should read:
var token = userManager.GenerateUserToken("ConfirmJobOffer",userId);
I tried editing the post and it got rejected. I can see where it looks a little confusing...but TUser is the user supplied Key or "purpose" and TKey is the userId.
From the UserManagerExtensions class:
public static string GenerateUserToken<TUser, TKey>(this UserManager<TUser, TKey> manager, string purpose, TKey userId)
where TUser : class, IUser<TKey>
where TKey : IEquatable<TKey>;
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
