Identity 2.0 sms password reset with token

Question

Identity 2.0 sms password reset with token

Every time I see that it caused people, they confuse it with two-factor authentication, which is outlined in the new Identity 2.0 template. But is there a process for creating a useful (not 100 characters) reset token for the user and deliver it via sms? Before I start creating my own method, I was hoping to see at least some tips on how to create a secure token that is smaller (maybe with PhoneNumberTokenProvider I guess?), And I hope we don't have to change my tables further.

This is similar to the first thing you would like to do when you have a user with a verified phone number.

+4

asp.net-mvc asp.net-identity-2

Precision roy Jul 18 '14 at 13:41

source share

1 answer

Hao kung · Answer 1 · 2014-07-22T18:50:11+0000

You can connect another UserTokenProvider to replace tokens to confirm / reset the password. Instead, you can use the built-in PhoneNumberTokenProvider if you want to use a time-based TOTP token.

The reason why tokens are long by default is because they are self-signed tokens with their lifetimes embedded in the token.

Identity 2.0 sms password reset with token

More articles: