ResetPassword令牌如何以及在哪里是它存储？ [英] ResetPassword Token How and where is it stored?

问题描述

我一直在试图了解如何重置密码和放大器;帐户确认工作于ASP.NET身份。我只是想知道，如果被存储的令牌，如果有，在哪里？

是这个样子我收到的时候我使用密码重置功能的链接

<$p$p><$c$c>http://localhost:1470/Account/ResetPassword?userId=a8b1389c-df93-4dfc-b463-541507c1a4bc&$c$c=yhUegXIM9SZBpPVbBtv22kg7NO7F96B8MJi9MryAadUY5XYjz8srVkS5UL8Lx%2BLPYTU6a6jhqOrzMUkkMyPbEHPY3Ul6%2B%2F0s0qQvtM%2FLLII3s29FgkcK0OnjX46Bmj9JlFCUx53rOH%2FXMacwnKDzoJ1rbrUyypZiJXloIE50Q6iPuMTUHbX9O%2B3JMZtCVXjhhsHLkTOn9IVoN6uVAOMWNQ%3D%3D

我的猜测是，这个标记是存储在链接本身，因为我找不到它的任何踪迹其他地方。也许有人确切知道？

解决方案

正如我在评论中提及

使用SecurityStamp和验证对SecurityStamp，而不是存储数据库或本地文件存储在任何地方生成的令牌。如果更新SecurityStamp，那么previous令牌不再有效。

I've been trying to understand how the reset password & account confirmation works in ASP.NET Identity. I'd just like to know if the Tokens are being stored and if so, where?

The links I receive when I'm using the password reset feature look something like this

http://localhost:1470/Account/ResetPassword?userId=a8b1389c-df93-4dfc-b463-541507c1a4bc&code=yhUegXIM9SZBpPVbBtv22kg7NO7F96B8MJi9MryAadUY5XYjz8srVkS5UL8Lx%2BLPYTU6a6jhqOrzMUkkMyPbEHPY3Ul6%2B%2F0s0qQvtM%2FLLII3s29FgkcK0OnjX46Bmj9JlFCUx53rOH%2FXMacwnKDzoJ1rbrUyypZiJXloIE50Q6iPuMTUHbX9O%2B3JMZtCVXjhhsHLkTOn9IVoN6uVAOMWNQ%3D%3D

My guess is that the tokens are stored in the link itself since I cannot find any trace of it anywhere else. Maybe someone knows for sure?

解决方案

As I mentioned in the comment

"Tokens are generated using the SecurityStamp and validating against the SecurityStamp and not storing anywhere in database or local file storage. If you update the SecurityStamp, then previous tokens are no longer valid."

这篇关于ResetPassword令牌如何以及在哪里是它存储？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！