Manual password reset in ASP.NET Identity

I would like to manually check the reset password token in ASP.NET Identity 2.0. I am trying to create my own version of UserManager.ResetPasswordAsync(string userId, string token, string newPassword), which accepts IdentityUser instead of userId as follows:

 UserManager.ResetPasswordAsync(IdentityUser user, string token, string newPassword) 

Not sure if I am doing this correctly, but here I am trying to verify the code that was sent to the user by email at an earlier stage. I have not changed the code / token that sends an email to the user and generates a code. I assume this is the correct invocation method, but the purpose argument is incorrect. (I tried passing "ASP.NET Identity", but no dice.)

    if (await userManager.UserTokenProvider.ValidateAsync(purpose: "?", token: code, manager: userManager, user: user))
    {
        return IdentityResult.Success;
    }
    else
    {
        return new IdentityResult("Invalid code.");
    }

If someone can fill me in on the details of how this works out of the box, or point me to the Microsoft source code for UserManager.ResetPasswordAsync(IdentityUser user, string token, string newPassword), that would be most appreciated!

+8
asp.net-mvc asp.net-identity asp.net-identity-2
2 answers

It appears that the code for Microsoft.AspNet.Identity was not Open Sourced according to the Codeplex repository located at:

https://aspnetidentity.codeplex.com/SourceControl/latest#Readme.markdown

Currently, ASP.NET Identity infrastructure code is not publicly available and therefore will not be published on this site. However, we plan to change this, and as soon as we can, the code will be published in this repository.

However, I found this, which could be the source for the Debug Symbols-based UserManager:

Source Code UserManager

I also found these posts that might help:

Implement custom password policy using ASP.NET Identity

UserManager class documentation

IUserTokenProvider Interface Documentation

+3

I overcame my problem by setting the purpose to "ResetPassword".

Below is a snippet of the final result if someone wants to do something like this. This is the method in my ApplicationUserManager class. Understand, however, that some of the exception handling that Microsoft implements is missing or not localized, because some of the private variables, methods, and resources used in their code are not available. Unfortunately, they did not make these things protected so that I could get at them. I find the missing call to the ThrowIfDisposed method interesting (and bizarre). Apparently, they anticipate method calls after the instance has been disposed, so as to provide a friendlier error message and avoid the unexpected.

    public async Task<IdentityResult> ResetPasswordAsync(IdentityUser user, string token, string newPassword)
    {
        if (user == null)
        {
            throw new ArgumentNullException("user");
        }

        // Make sure the token is valid and the stamp matches.
        if (!await UserTokenProvider.ValidateAsync("ResetPassword", token, this, user))
        {
            return IdentityResult.Failed("Invalid token.");
        }

        // Make sure the new password is valid.
        var result = await PasswordValidator.ValidateAsync(newPassword)
            .ConfigureAwait(false);
        if (!result.Succeeded)
        {
            return result;
        }

        // Update the password hash and invalidate the current security stamp.
        user.PasswordHash = PasswordHasher.HashPassword(newPassword);
        user.SecurityStamp = Guid.NewGuid().ToString();

        // Save the user and return the outcome.
        return await UpdateAsync(user).ConfigureAwait(false);
    }

+8
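
An added example, not part of the answers above and not Microsoft's implementation: a stand-alone sketch of a purpose-bound reset token, showing why validation fails when the purpose differs from the one the token was issued with, and why replacing the security stamp (as the answer's method does) invalidates an outstanding token. The class name, the HMAC construction, the demo key and the user id are assumptions made for illustration; ASP.NET Identity's own token format is different.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added illustration: hypothetical names, HMAC as a stand-in for Identity's own token format.
public static class PurposeBoundToken
{
    // Constructed demo key; a real application keeps its key in protected storage.
    static readonly byte[] Key = Encoding.UTF8.GetBytes("constructed-demo-key");

    static byte[] Mac(string purpose, string userId, string stamp, long issued)
    {
        // Length-prefix each field so values cannot be shifted between fields.
        string msg = $"{purpose.Length}:{purpose}|{userId.Length}:{userId}|{stamp.Length}:{stamp}|{issued}";
        using (var hmac = new HMACSHA256(Key))
            return hmac.ComputeHash(Encoding.UTF8.GetBytes(msg));
    }

    public static string Generate(string purpose, string userId, string stamp, DateTimeOffset now)
    {
        long issued = now.ToUnixTimeSeconds();
        return issued + "." + Convert.ToBase64String(Mac(purpose, userId, stamp, issued));
    }

    public static bool Validate(string purpose, string token, string userId, string stamp,
                                DateTimeOffset now, TimeSpan lifetime)
    {
        string[] parts = (token ?? "").Split('.');
        if (parts.Length != 2 || !long.TryParse(parts[0], out long issued)) return false;
        long age = now.ToUnixTimeSeconds() - issued;
        if (age < 0 || age > (long)lifetime.TotalSeconds) return false; // expired or future-dated
        byte[] presented;
        try { presented = Convert.FromBase64String(parts[1]); }
        catch (FormatException) { return false; }
        byte[] expected = Mac(purpose, userId, stamp, issued);
        int diff = expected.Length ^ presented.Length;                  // constant-time compare
        for (int i = 0; i < expected.Length && i < presented.Length; i++) diff |= expected[i] ^ presented[i];
        return diff == 0;
    }

    public static void Main()
    {
        var now = DateTimeOffset.UtcNow; var life = TimeSpan.FromHours(24);
        string stamp = Guid.NewGuid().ToString();
        string token = Generate("ResetPassword", "user-1", stamp, now);
        Console.WriteLine("same purpose:  " + Validate("ResetPassword", token, "user-1", stamp, now, life));
        Console.WriteLine("wrong purpose: " + Validate("ASP.NET Identity", token, "user-1", stamp, now, life));
        Console.WriteLine("rotated stamp: " + Validate("ResetPassword", token, "user-1", Guid.NewGuid().ToString(), now, life));
    }
}
```

Only the first check succeeds; the other two fail because the purpose or the security stamp no longer matches what the token was computed over.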
