
What is the use of asp.net identity .GenerateUserToken()

I understand that the token from userManager.GeneratePasswordResetToken() is added as a security identifier in the hyperlink sent to the user on a password reset request.

But I am not sure what the use of userManager.GenerateUserToken() is. I am able to generate the token, but I am not sure if it can be converted to claims like SAML tokens and be used for authorization.

Please help me understand this, as I was not able to find any good documentation regarding it.

Chandan asked Jan 12 '15 08:01



2 Answers

GenerateUserToken() is used to create password-reset tokens and email-confirmation tokens. This method takes a string parameter, purpose, that describes what sort of operation is going to happen. Effectively this purpose is an encryption key that is used to decrypt the generated token.

So you can create your own tokens for your own purposes. For example, you can have a ConfirmJobOffer operation in a recruitment application, and you can create a token just for that operation and send the link with this token to a user:

var token = userManager.GenerateUserToken(userId, "ConfirmJobOffer");
// now send this token as part of the link

Then in the controller, once the token has made it back to you, you can call:

var tokenCorrect = await userManager.VerifyUserTokenAsync(userId, "ConfirmJobOffer", token);
if (tokenCorrect)
{
    // do stuff if token is correct
}

Generally you would not use GenerateUserToken directly, unless you are doing custom tokens. You'd use GeneratePasswordResetTokenAsync and GenerateEmailConfirmationTokenAsync.

Please note: this is not aimed to do SAML tokens or related authorization.

trailmax answered Oct 09 '22 09:10
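To illustrate what binding a token to a purpose means in the answer above, here is an added example (not part of the original answer, and not ASP.NET Identity's implementation): a simplified HMAC-based model in which a token is tied to a purpose, a user id and a per-user stamp. The class and method names, the key and the sample values are assumptions constructed for this example.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Simplified model of a purpose-bound token; hypothetical names, NOT ASP.NET Identity's code.
static class PurposeTokenDemo
{
    static readonly byte[] Key = Encoding.UTF8.GetBytes("constructed-demo-key");

    // MAC over length-prefixed fields so ("ab","c") and ("a","bc") cannot collide.
    static byte[] Mac(string purpose, string userId, string stamp, long expires)
    {
        var sb = new StringBuilder();
        foreach (var f in new[] { purpose, userId, stamp, expires.ToString() })
            sb.Append(f.Length).Append(':').Append(f);
        using (var hmac = new HMACSHA256(Key))
            return hmac.ComputeHash(Encoding.UTF8.GetBytes(sb.ToString()));
    }

    public static string Generate(string purpose, string userId, string stamp, TimeSpan life)
    {
        long expires = DateTimeOffset.UtcNow.Add(life).ToUnixTimeSeconds();
        return expires + "." + Convert.ToBase64String(Mac(purpose, userId, stamp, expires));
    }

    public static bool Verify(string purpose, string userId, string stamp, string token)
    {
        var parts = (token ?? "").Split('.');
        if (parts.Length != 2 || !long.TryParse(parts[0], out long expires)) return false;
        if (DateTimeOffset.UtcNow.ToUnixTimeSeconds() > expires) return false;
        byte[] given;
        try { given = Convert.FromBase64String(parts[1]); }
        catch (FormatException) { return false; }
        byte[] expected = Mac(purpose, userId, stamp, expires);
        if (given.Length != expected.Length) return false;
        int diff = 0;                                   // compare without early exit
        for (int i = 0; i < expected.Length; i++) diff |= given[i] ^ expected[i];
        return diff == 0;
    }

    static void Main()
    {
        string t = Generate("ConfirmJobOffer", "user-42", "stamp-v1", TimeSpan.FromHours(1));
        Console.WriteLine(Verify("ConfirmJobOffer", "user-42", "stamp-v1", t)); // same purpose, user, stamp
        Console.WriteLine(Verify("ResetPassword", "user-42", "stamp-v1", t));   // other purpose
        Console.WriteLine(Verify("ConfirmJobOffer", "user-43", "stamp-v1", t)); // other user
        Console.WriteLine(Verify("ConfirmJobOffer", "user-42", "stamp-v2", t)); // stamp rotated
    }
}
```

Only the first check succeeds: a token issued for one purpose cannot be replayed against a different operation or user, and rotating the per-user stamp invalidates tokens that are already outstanding.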


Adding to trailmax's answer...

This line from the answer has the parameters swapped:

var token = userManager.GenerateUserToken(userId, "ConfirmJobOffer");

Will generate

System.InvalidOperationException: 'UserId not found.'

It should read:

var token = userManager.GenerateUserToken("ConfirmJobOffer",userId);

I tried editing the post and it got rejected. I can see where it looks a little confusing...but TUser is the user supplied Key or "purpose" and TKey is the userId.

From the UserManagerExtensions class:

public static string GenerateUserToken<TUser, TKey>(this UserManager<TUser, TKey> manager, string purpose, TKey userId)
    where TUser : class, IUser<TKey>
    where TKey : IEquatable<TKey>;
Chris Catignani answered Oct 09 '22 09:10