ResetPasswordAsync returns 'Invalid Token' when token is generated inside a WebJob


Problem description

I have a scheduled WebJob that runs on a daily basis and checks the password expiry date for all users in my database. If the password expiry date is today, it will generate a password reset token and send it to the user via email. Then the user clicks the URL in the email and is brought to a website, where they input the new password.

I managed to generate a token in my WebJob and send it over via email. However, when resetting the password through my Asp.NET Website I get Invalid Token. I cannot figure out why. I assume it must have something to do with the token provider from my WebJob.

1) My Asp.NET website. The custom UserManager:

public class CustomUserManager : UserManager<ApplicationUser> {
    public CustomUserManager(IUserStore<ApplicationUser> store) : base(store) { }          

    public static CustomUserManager Create(IdentityFactoryOptions<CustomUserManager> options, IOwinContext context) {
        var db = context.Get<DataContext>();
        var manager = new CustomUserManager(new UserStore<ApplicationUser>(db));
        // [...]          
        var dataProtectionProvider = options.DataProtectionProvider;
        if (dataProtectionProvider != null) {
            manager.UserTokenProvider = new DataProtectorTokenProvider<ApplicationUser>(dataProtectionProvider.Create("ASP.NET Identity"));
        }
        // [...]   
        return manager;
    }
}

Used like this:

userManager = HttpContext.GetOwinContext().Get<CustomUserManager>();
// [...]
await userManager.ResetPasswordAsync(model.Id, model.Token, model.ConfirmPassword); // token here is invalid (although the string looks like a proper token)

2) My WebJob function:

public static async void CheckPasswords([QueueTrigger("checkpasswords")] string message) {
    using (var db = new DataContext())
    using (var userManager = new UserManager<ApplicationUser>(new UserStore<ApplicationUser>(db))) {
        var provider = new DpapiDataProtectionProvider("MyApp");
        userManager.UserTokenProvider = new DataProtectorTokenProvider<ApplicationUser>(provider.Create("PasswordReset"));

        var users = await queryHandler.Run(new UserPasswordExpiryQuery());
        foreach (var user in users) {
            var days = new DateCalculations().DaysFromNow(user.PasswordExpiryDate);
            // if password expired today
            if (days == 0) {
                var token = await userManager.GeneratePasswordResetTokenAsync(user.Id);
                var url = string.Format("{0}/resetpass?user={1}&token={2}", settings.BaseUrl, user.Id, HttpUtility.UrlEncode(token));
                // [...] send email logic here
            }
        }
    }
}

Latest edit

I think I might have figured it out. I replaced the token provider in my Asp.NET app:

Old code:

var dataProtectionProvider = options.DataProtectionProvider;
if (dataProtectionProvider != null) {
    manager.UserTokenProvider =
        new DataProtectorTokenProvider<ApplicationUser>(dataProtectionProvider.Create("ASP.NET Identity"));
}

New code:

 var provider = new DpapiDataProtectionProvider("MyApp");
 manager.UserTokenProvider = new DataProtectorTokenProvider<ApplicationUser>(provider.Create("ASP.NET Identity"));

Will do some further testing later on.
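
Added example (not part of the original question or answer): a minimal console program, assuming Windows and a reference to the Microsoft.Owin.Security package, showing that a DPAPI protector can only read data written by a protector created with the same app name and the same purpose string. DataProtectorTokenProvider depends on this round trip, and when Unprotect fails the token is reported as invalid. The class name ProtectorMismatchDemo and the sample payload are constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using Microsoft.Owin.Security.DataProtection;

static class ProtectorMismatchDemo
{
    // Returns true when data protected by `writer` can be read back by `reader`.
    static bool RoundTrips(IDataProtector writer, IDataProtector reader)
    {
        // Constructed sample payload standing in for the token contents.
        byte[] payload = Encoding.UTF8.GetBytes("constructed-sample-token-payload");
        byte[] blob = writer.Protect(payload);
        try
        {
            byte[] back = reader.Unprotect(blob);
            return Convert.ToBase64String(back) == Convert.ToBase64String(payload);
        }
        catch (CryptographicException)
        {
            // App name or purpose differs: the blob cannot be unprotected.
            return false;
        }
    }

    static void Main()
    {
        // Generator configured like the WebJob in the question.
        IDataProtector webJob = new DpapiDataProtectionProvider("MyApp").Create("PasswordReset");
        // Validator configured like the "new code" for the website in the question.
        IDataProtector site = new DpapiDataProtectionProvider("MyApp").Create("ASP.NET Identity");
        // Validator using the same app name and the same purpose as the generator.
        IDataProtector matching = new DpapiDataProtectionProvider("MyApp").Create("PasswordReset");

        Console.WriteLine("purpose differs: " + RoundTrips(webJob, site));
        Console.WriteLine("purpose matches: " + RoundTrips(webJob, matching));
    }
}
```

Run it under the account that generates the tokens; the check worth making in a real deployment is that the process generating tokens and the process validating them build their protectors from identical app name and purpose values.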

Recommended answer

It's possible that the logic you are running is running against some sandbox limitation.

If you share your web app name, either directly or indirectly, and the UTC time of one such failure, I could potentially confirm this.
