Asp.net Core 电子邮件确认有时会说 InvalidToken [英] Asp.net Core Email confirmation sometimes says InvalidToken
问题描述
我使用的是 asp.net 核心身份 2.1,我在使用电子邮件确认时遇到随机问题,而电子邮件确认有时会显示 result.Error = InvalidToken.令牌也没有过期.
I am using asp.net core identity 2.1 and i am having a random issue with email confirmation, which while email confirmation sometimes says result.Error = InvalidToken. The token is also not expired.
注意:我们正在使用多台服务器,我们还将密钥存储在一个地方,以便所有服务器使用相同的密钥.
Note: We are using multiple servers, and we have also stored our keys in one place so that all the servers use the same keys.
用于电子邮件确认的代码片段.
Code snippet for email confirmation.
电子邮件确认
var confCode = await _userManager.GenerateEmailConfirmationTokenAsync(user);
var callbackUrl = Url.Action("ConfirmEmail", "Account", new
{
userId = user.Id,
code = WebUtility.UrlEncode(confCode)
}, protocol: HttpContext.Request.Scheme);
string confirmationEmailBody = string.Format(GetTranslatedResourceString("ConfirmationEmailBody"), "<a href='" + callbackUrl + "'>") + "</a>";
令牌验证
public async Task<bool> ConfirmEmailAsync(string userId, string code)
{
if (string.IsNullOrEmpty(userId) || string.IsNullOrEmpty(code))
return false;
var user = await _userManager.FindByIdAsync(userId);
if (user == null)
return false;
var result = await _userManager.ConfirmEmailAsync(user, code).ConfigureAwait(false);
if (!result.Succeeded)
result = await _userManager.ConfirmEmailAsync(user, WebUtility.UrlDecode(code)).ConfigureAwait(false);
return result.Succeeded;
}
无效令牌
下面的标记被编码了两次,但我们会处理这种情况
The below token is encoded twice but we handle that situation
<代码> CfDJ8HYrrpCgcr5GvrItPOWapXRy8WF8odd%252BVKuDup7buRsl1x4agRpfgQlEIPWiBqM0Wuilu9tCv5l%252B3lNaAb89%252Fi%252B4k0y%252FH0jdXAbabz0%252FXDGA0eUrmcKdIsDFNuXeyP5ezTVmTx8t0ky9xCTXaKLAfvTsCJviETk5Ag9JbUs3l3%252BnUon6fyYOHsslJI5VKLqhMM0Sm%252BW1EE%252B%252FPEJ%252BXcn%252FPS1My%252BI1lExuF1R1hFEZScEsUCG%252Bx%252BVIFB9bzs1IoLC%252Baw%253D 253D%
任何帮助将不胜感激,谢谢!
Any help will be appreciated, Thank you!
推荐答案
这个问题似乎是基本的 Query String 相关的问题.您的问题中没有关于样本期望值和样本实际值的提示.因此,我将无法在这里为您提供确切的答案.但下面两个是肯定会解决这个问题的指针.
This problem seems to be basic Query String Related issue. There are no pointers in your question about sample expected value and sample actual value. Hence I will not be able to provide you exact answer here. But below two are the pointers which will certainly resolve this issue.
可能有两个问题:
问题 1:HtmlDecode/UrlDecode 后未恢复原始 Base-64
这些标记被编码为 base 64 字符串,其中可能包含像+"这样的字符.
These tokens are encoded as base 64 strings which may contain characters like '+'.
它们被发送到服务器.
然后服务器尝试对该字符串执行 HtmlDecode 操作,以删除实际存在于原始 base 64 标记中的字符.
Then server tries to perform HtmlDecode operation on this string, to remove the characters which were actually present in original base 64 token.
例如'+' 被空字符串替换.
E.g. '+' is replaced by empty string.
所以,WebUtility.HtmlDecode后生成的token是无效的.这就是您收到无效令牌错误的原因
So, the token generated after WebUtility.HtmlDecode is invalid. That's why you get the invalid token error
如何检查?你可以调试看看HtmlDecode后的值是多少,期望值是多少.如果它们不同,那么这就是根本原因.
How to check this ? You can debug and see what is the value after HtmlDecode and what is expected value. If they are differing then this is root cause.
问题 2:查询字符串的格式不正确
查询字符串中的多个键值对使用'&'连接特点.例如key1=value1&key2=value2
Multiple key value pairs in query strings are joined using '&' character. e.g. key1=value1&key2=value2
但有时,它的编码版本 & 而不是 & 出现在查询字符串中.
例如key1=value1&key2=value2
But some times instead of & , its encoded version & comes in the query string.
e.g. key1=value1&key2=value2
如果是这种情况,.Net 服务器将无法正确解析查询字符串.
The .Net server would not be able to parse query string correctly if this is the case.
如何检查? 您可以使用 QueryString 属性直接从 HttpContext 或 HttpRequest 读取原始查询字符串,并检查是否是这种情况.如果是,那么您可以更改您的客户端以发送适当的查询字符串(更合乎逻辑和可维护性)或编写一些代码以在服务器端更正它.
How to check this ? You can use directly read raw query string from HttpContext or HttpRequest using QueryString property and check if this is the case. If it is then you can either change your client to send appropriate query string (more logical and maintainable) or write some code to correct it on server side.
这些提示应该可以帮助您解决问题.
These pointers should help you to resolve the issue.
这篇关于Asp.net Core 电子邮件确认有时会说 InvalidToken的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
