Asp.net身份电子邮件Verifcation令牌无法识别 [英] Asp.net Identity Email Verifcation Token Not Recognized
问题描述
我们正在使用在Web窗体应用程序微软的身份框架V2.0。一切工作正常。我们决定要添加的电子邮件验证为成立过程中的新帐户的一部分。如果我们验证令牌它是在同一页创建后,我们是成功的。但是,如果我们尝试验证令牌在不同的页面,它失败。这个过程是很简单的:
We are using Microsoft's Identity Framework v2.0 in a web forms application. All is working well. We decided we want to add email verification as part of the new account set up process. If we validate the token after it is created in the same page, we are successful. But if we try to validate the token in a different page, it fails. The process is very simple:
- 管理员创建提供用户的电子邮件地址和名称的新帐户。 (我们不支持自注册)。
- 用户点击链接,他在电子邮件中得到验证收到的电子邮件。
下面是code创建的电子邮件验证令牌:
Here is the code to create the email verification token:
var manager = new UserManager();
var user = new ApplicationUser() { UserName = EmailAddress.Text, Email = EmailAddress.Text, FirstName = FirstName.Text, LastName = LastName.Text };
IdentityResult result = manager.Create(user);
var provider = new DpapiDataProtectionProvider();
manager.UserTokenProvider = new DataProtectorTokenProvider<ApplicationUser>(provider.Create("EmailConfirmation"))
{
TokenLifespan = TimeSpan.FromHours(24)
};
var strToken = manager.GenerateEmailConfirmationToken(user.Id);
//IdentityResult validToken = manager.ConfirmEmail(user.Id, strToken);
strToken = HttpUtility.UrlEncode(strToken.ToString());
请注意:如果我们取消注释开始// IdentityResult validToken行了... ...,那么它成功
NOTE: If we uncomment the line beginning //IdentityResult validToken..., then it succeeds.
下面是VerifyEmail页面上的code:
Here is the code on the VerifyEmail page:
string userid = Request.QueryString["id"].ToString();
string tokenReceived = Request.QueryString["token"].ToString();
//tokenReceived = HttpUtility.UrlDecode(tokenReceived);
ApplicationUser User = new ApplicationUser();
var manager = new UserManager();
User = manager.FindById(userid);
var provider = new DpapiDataProtectionProvider();
manager.UserTokenProvider = new DataProtectorTokenProvider<ApplicationUser>(provider.Create("EmailConfirmation"))
{
TokenLifespan = TimeSpan.FromHours(24)
};
IdentityResult validToken = manager.ConfirmEmail(User.Id, tokenReceived);
该validToken行不以这个文件成功。我已经验证了串User.Id和tokenReceived严丝合缝在这两个文件中,所以没有URL腐败回事。 (这就是为什么我注释掉UrlDe code,因为它似乎是通过自动浏览器去codeD - 当我试图去code,它不是100%一样的编码前的字符串)。
The validToken line does not succeed in this file. I have validated that the strings User.Id and tokenReceived match EXACTLY in both file, so there is no URL corruption going on. (That is why I commented out the UrlDecode since it seems to be decoded by the browser automatically - when I try to decode, it is not 100% the same as the string before encoding).
所以我敢肯定我们呼吁同样的方法(ConfirmEmail)和所传递的两个参数是完全一样的字符串。我也知道,一个令牌只能用一次验证,所以我并不想一次后确认他们重新使用它们。
So I am certain we are calling the same method (ConfirmEmail) and that the two parameters that are passed are exactly the same strings. I am also aware that a token can only be validated once, so I am not trying to re-use them after once validating them.
任何想法将受到欢迎。
推荐答案
我觉得在这个问题 DpapiDataProtectionProvider - 如果你使用这个类的同一实例中创建和验证令牌,它会正常工作。
I think the problem in DpapiDataProtectionProvider - If you use the same instance of this class in creating and validating the token, it'll work fine.
你没有得到任何理由的UserManager 从Owin语境按照VC2013模板?
Any reason you are not getting UserManager from Owin Context as per VC2013 template?
这篇关于Asp.net身份电子邮件Verifcation令牌无法识别的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
