Asp.net核心电子邮件确认有时显示InvalidToken [英] Asp.net Core Email confirmation sometimes says InvalidToken

问题描述

我正在使用asp.net核心身份2.1，并且电子邮件确认出现随机问题，而电子邮件确认有时会显示 result.Error = InvalidToken 。令牌也未过期。

I am using asp.net core identity 2.1 and i am having a random issue with email confirmation, which while email confirmation sometimes says result.Error = InvalidToken. The token is also not expired.

注意：我们正在使用多台服务器，并且我们还存储了密钥放在一个位置，以便所有服务器使用相同的密钥。

Note: We are using multiple servers, and we have also stored our keys in one place so that all the servers use the same keys.

用于确认电子邮件的代码段。

Code snippet for email confirmation.

电子邮件确认

var confCode = await _userManager.GenerateEmailConfirmationTokenAsync(user);
        var callbackUrl = Url.Action("ConfirmEmail", "Account", new
        {
            userId = user.Id,
            code = WebUtility.UrlEncode(confCode)
        }, protocol: HttpContext.Request.Scheme);

        string confirmationEmailBody = string.Format(GetTranslatedResourceString("ConfirmationEmailBody"), "<a href='" + callbackUrl + "'>") + "</a>";

令牌验证

public async Task<bool> ConfirmEmailAsync(string userId, string code)
    {
        if (string.IsNullOrEmpty(userId) || string.IsNullOrEmpty(code))
            return false;


        var user = await _userManager.FindByIdAsync(userId);

        if (user == null)
            return false;

        var result = await _userManager.ConfirmEmailAsync(user, code).ConfigureAwait(false);

        if (!result.Succeeded)
            result = await _userManager.ConfirmEmailAsync(user, WebUtility.UrlDecode(code)).ConfigureAwait(false);

        return result.Succeeded;
    }

无效令牌

以下令牌被编码了两次，但我们可以解决这种情况

The below token is encoded twice but we handle that situation

CfDJ8HYrrpCgcr5GvrItPOWapXRy8WF8odd%252BVKuDup7buRsl1x4agRpfgQlEIPWiBqM0Wuilu9tCv5l%252B3lNaAb89%252Fi%252B4k0y%252FH0jdXAbabz0%252FXDGA0eUrmcKdIsDFNuXeyP5ezTVmTx8t0ky9xCTXaKLAfvTsCJviETk5Ag9JbUs3l3%252BnUon6fyYOHsslJI5VKLqhMM0Sm%252BW1EE%252B%252FPEJ%252BXcn%252FPS1My%252BI1lExuF1R1hFEZScEsUCG%252Bx%252BVIFB9bzs1IoLC%252Baw%253D%253D

任何帮助将不胜感激，谢谢！

Any help will be appreciated, Thank you!

推荐答案

此问题似乎是基本查询字符串相关问题。
您的问题中没有关于样本期望值和样本实际值的指示。因此，在这里我将无法为您提供确切的答案。但是下面的两个指针肯定可以解决此问题。

This problem seems to be basic Query String Related issue. There are no pointers in your question about sample expected value and sample actual value. Hence I will not be able to provide you exact answer here. But below two are the pointers which will certainly resolve this issue.

可以有两个问题：

问题1：HtmlDecode / UrlDecode之后，未恢复原始Base-64

这些令牌被编码为base 64字符串，其中可能包含'+ '。

These tokens are encoded as base 64 strings which may contain characters like '+'.

它们被发送到服务器。

They are sent to server.

然后服务器尝试对该字符串执行HtmlDecode操作，以删除原始base 64令牌中实际存在的字符。

Then server tries to perform HtmlDecode operation on this string, to remove the characters which were actually present in original base 64 token.

例如 +将替换为空字符串。

E.g. '+' is replaced by empty string.

因此，WebUtility.HtmlDecode之后生成的令牌无效。这就是为什么您会收到无效令牌错误的原因

So, the token generated after WebUtility.HtmlDecode is invalid. That's why you get the invalid token error

如何检查此错误？您可以调试并查看其值是什么HtmlDecode之后，以及期望值。如果它们不同，则这是根本原因。

How to check this ? You can debug and see what is the value after HtmlDecode and what is expected value. If they are differing then this is root cause.

问题2：查询字符串格式不正确

查询字符串中的多个键值对使用'&'字符进行连接。
例如key1 = value1& key2 = value2

Multiple key value pairs in query strings are joined using '&' character. e.g. key1=value1&key2=value2

但有时不是& 而是其编码版本& 出现在查询字符串中。

例如key1 = value1& key2 = value2

But some times instead of & , its encoded version & comes in the query string.
e.g. key1=value1&key2=value2

在这种情况下，.Net服务器将无法正确解析查询字符串。

The .Net server would not be able to parse query string correctly if this is the case.

如何检查？您可以使用QueryString属性直接从HttpContext或HttpRequest中读取原始查询字符串，并进行检查如果是这样的话。如果是，则可以更改客户端以发送适当的查询字符串（更具逻辑性和可维护性），也可以编写一些代码在服务器端进行更正。

How to check this ? You can use directly read raw query string from HttpContext or HttpRequest using QueryString property and check if this is the case. If it is then you can either change your client to send appropriate query string (more logical and maintainable) or write some code to correct it on server side.

这些指针应该可以帮助您解决问题。

These pointers should help you to resolve the issue.

这篇关于Asp.net核心电子邮件确认有时显示InvalidToken的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！