ASP.NET MVC identity: Invalid token while resetting password

  • Question

  • User212602440 posted

    Hi, I am trying to add the reset password functionality to my web application. When I enter my email address and submit the form, I receive the email that contains the token etc. Then, when I click on the link, I get redirected to the reset password page; there I enter my email and the new password. Then, when I hit the reset button, I get the following error from the ResetPassword action: "INVALID TOKEN". Here's my code, and thank you.

    public async Task<ActionResult> ForgotPassword(Models.ForgotPasswordViewModel model)
    {
        if (ModelState.IsValid)
        {
            var user = await UserManager.FindByEmailAsync(model.Email);
            if (user == null)
            {
                // Don't reveal that the user does not exist or is not confirmed
                return View("ForgotPasswordConfirmation");
            }
            // var provider = new DpapiDataProtectionProvider("CoreProject");
            // UserManager.UserTokenProvider = new DataProtectorTokenProvider<ApplicationUser>(provider.Create("ForgotPassword"));
            string code = await UserManager.GeneratePasswordResetTokenAsync(user.Id);
            // The token is URL-encoded here and then passed to Url.Action as a route value
            var callbackUrl = Url.Action("ResetPassword", "Home", new { userId = user.Id, code = HttpUtility.UrlEncode(code) }, protocol: Request.Url.Scheme);
            await SendMail(user.Email, callbackUrl);
            return RedirectToAction("ForgotPassword", "Home");
        }
        // Model state is invalid: redisplay the form
        return View(model);
    }

    public async Task<ActionResult> ResetPassword(Models.ResetPasswordViewModel model)
    {
        var user = await UserManager.FindByEmailAsync(model.Email);
        if (user == null)
        {
            ViewBag.error = "Invalid email address";
            return View(model);
        }
        else
        {
            // var provider = new DpapiDataProtectionProvider("CoreProject");
            // UserManager.UserTokenProvider = new DataProtectorTokenProvider<ApplicationUser>(provider.Create("ForgotPassword"));

            // The posted code is URL-decoded before being checked against the stored token
            var result = await UserManager.ResetPasswordAsync(user.Id, HttpUtility.UrlDecode(model.Code), model.Password);
            if (result.Succeeded)
            {
                return RedirectToAction("Login");
            }
            else
            {
                return View(model);
            }
        }
    }

    Monday, March 13, 2017 3:18 PM

All replies

  • User1397563414 posted

    Hi HaythamBS,

    When you reset your password, it will check the token.

    code = HttpUtility.UrlEncode(code)
    The code will be encoded and is not equal to the original value.

    If you want to encode it before emailing it, you'd better use

       var origincode = HttpUtility.UrlDecode(code)

    to get original value.

    Hope this will be helpful.

    Best regards,
    JiyaoLee

    Tuesday, March 14, 2017 2:47 AM
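
The round trip the reply describes, as an added example (not code from either post): a constructed Base64-style token is passed through unequal numbers of URL-encode and URL-decode steps to show when the value that arrives differs from the one generated. The helper names and the URL-safe Base64 wrapper are assumptions of this example, not something the thread proposes.

```csharp
using System;
using System.Net;
using System.Text;

static class ResetTokenRoundTrip
{
    // Hypothetical helper: URL-encode `enc` times, then URL-decode `dec` times.
    static string Transport(string token, int enc, int dec)
    {
        for (int i = 0; i < enc; i++) token = WebUtility.UrlEncode(token);
        for (int i = 0; i < dec; i++) token = WebUtility.UrlDecode(token);
        return token;
    }

    // URL-safe Base64 has no '+', '/' or '=', so a stray decode cannot alter it.
    static string ToBase64Url(string token) =>
        Convert.ToBase64String(Encoding.UTF8.GetBytes(token))
               .TrimEnd('=').Replace('+', '-').Replace('/', '_');

    static string FromBase64Url(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        s = s.PadRight(s.Length + (4 - s.Length % 4) % 4, '=');
        return Encoding.UTF8.GetString(Convert.FromBase64String(s));
    }

    static void Report(string label, string sent, string received) =>
        Console.WriteLine($"{label,-26} {(sent == received ? "match" : "MISMATCH")}  {received}");

    static void Main()
    {
        // Constructed sample shaped like a Base64 reset token (not a real token).
        string token = "CfDJ8+Zk/9aQ+w==";

        // Balanced: the value handed to the reset check equals the generated one.
        Report("1 encode, 1 decode", token, Transport(token, 1, 1));
        // One encode too many: percent escapes survive into the token.
        Report("2 encodes, 1 decode", token, Transport(token, 2, 1));
        // One decode too many: '+' is turned into a space.
        Report("0 encodes, 1 decode", token, Transport(token, 0, 1));

        // URL-safe form: an extra decode on the way in leaves it intact.
        string wire = ToBase64Url(token);
        Report("Base64Url + extra decode", token, FromBase64Url(WebUtility.UrlDecode(wire)));
    }
}
```

Comparing the token logged at generation with the one received by the reset action, character by character, is the quickest way to tell an encoding mismatch apart from other causes of an invalid-token result.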