Asp.NET Identity 2 提供“无效令牌"错误 [英] Asp.NET Identity 2 giving "Invalid Token" error

问题描述

我正在使用 Asp.Net-Identity-2 并且我正在尝试使用以下方法验证电子邮件验证码.但我收到了无效令牌" 错误消息.

I'm using Asp.Net-Identity-2 and I'm trying to verify email verification code using the below method. But I am getting an "Invalid Token" error message.

• 我的应用程序的用户管理器是这样的:

• My Application's User Manager is like this:

public class AppUserManager : UserManager<AppUser>
{
    public AppUserManager(IUserStore<AppUser> store) : base(store) { }

    public static AppUserManager Create(IdentityFactoryOptions<AppUserManager> options, IOwinContext context)
    {
        AppIdentityDbContext db = context.Get<AppIdentityDbContext>();
        AppUserManager manager = new AppUserManager(new UserStore<AppUser>(db));

        manager.PasswordValidator = new PasswordValidator { 
            RequiredLength = 6,
            RequireNonLetterOrDigit = false,
            RequireDigit = false,
            RequireLowercase = true,
            RequireUppercase = true
        };

        manager.UserValidator = new UserValidator<AppUser>(manager)
        {
            AllowOnlyAlphanumericUserNames = true,
            RequireUniqueEmail = true
        };

        var dataProtectionProvider = options.DataProtectionProvider;

        //token life span is 3 hours
        if (dataProtectionProvider != null)
        {
            manager.UserTokenProvider =
               new DataProtectorTokenProvider<AppUser>
                  (dataProtectionProvider.Create("ConfirmationToken"))
               {
                   TokenLifespan = TimeSpan.FromHours(3)
               };
        }

        manager.EmailService = new EmailService();

        return manager;
    } //Create
  } //class
} //namespace

我生成令牌的操作是(即使我在这里检查令牌，我也会收到无效令牌"消息):

My Action to generate the token is (and even if I check the token here, I get "Invalid token" message):

[AllowAnonymous]
[HttpPost]
[ValidateAntiForgeryToken]
public ActionResult ForgotPassword(string email)
{
    if (ModelState.IsValid)
    {
        AppUser user = UserManager.FindByEmail(email);
        if (user == null || !(UserManager.IsEmailConfirmed(user.Id)))
        {
            // Returning without warning anything wrong...
            return View("../Home/Index");

        } //if

        string code = UserManager.GeneratePasswordResetToken(user.Id);
        string callbackUrl = Url.Action("ResetPassword", "Admin", new { Id = user.Id, code = HttpUtility.UrlEncode(code) }, protocol: Request.Url.Scheme);

        UserManager.SendEmail(user.Id, "Reset password Link", "Use the following  link to reset your password: <a href="" + callbackUrl + "">link</a>");

        //This 2 lines I use tho debugger propose. The result is: "Invalid token" (???)
        IdentityResult result;
        result = UserManager.ConfirmEmail(user.Id, code);
    }

    // If we got this far, something failed, redisplay form
    return View();

} //ForgotPassword

我检查令牌的操作是(在这里，我检查结果时总是得到无效令牌"):

My Action to check the token is (here, I always get "Invalid Token" when I check the result):

[AllowAnonymous]
public async Task<ActionResult> ResetPassword(string id, string code)
{

    if (id == null || code == null)
    {
        return View("Error", new string[] { "Invalid params to reset password." });
    }

    IdentityResult result;

    try
    {
        result = await UserManager.ConfirmEmailAsync(id, code);
    }
    catch (InvalidOperationException ioe)
    {
        // ConfirmEmailAsync throws when the id is not found.
        return View("Error", new string[] { "Error to reset password:<br/><br/><li>" + ioe.Message + "</li>" });
    }

    if (result.Succeeded)
    {
        AppUser objUser = await UserManager.FindByIdAsync(id);
        ResetPasswordModel model = new ResetPasswordModel();

        model.Id = objUser.Id;
        model.Name = objUser.UserName;
        model.Email = objUser.Email;

        return View(model);
    }

    // If we got this far, something failed.
    string strErrorMsg = "";
    foreach(string strError in result.Errors)
    {
        strErrorMsg += "<li>" + strError + "</li>";
    } //foreach

    return View("Error", new string[] { strErrorMsg });

} //ForgotPasswordConfirmation

我不知道可能缺少什么或出了什么问题...

I don't know what could be missing or what's wrong...

推荐答案

因为你在这里生成密码重置令牌:

Because you are generating token for password reset here:

string code = UserManager.GeneratePasswordResetToken(user.Id);

但实际上试图验证电子邮件的令牌:

But actually trying to validate token for email:

result = await UserManager.ConfirmEmailAsync(id, code);

这是 2 个不同的令牌.

These are 2 different tokens.

在您的问题中，您说您正在尝试验证电子邮件，但您的代码用于重置密码.你在做什么?

In your question you say that you are trying to verify email, but your code is for password reset. Which one are you doing?

如果您需要电子邮件确认，则通过

If you need email confirmation, then generate token via

var emailConfirmationCode = await UserManager.GenerateEmailConfirmationTokenAsync(user.Id);

并通过

var confirmResult = await UserManager.ConfirmEmailAsync(userId, code);

如果您需要重置密码，请像这样生成令牌:

If you need password reset, generate token like this:

var code = await UserManager.GeneratePasswordResetTokenAsync(user.Id);

并像这样确认:

var resetResult = await userManager.ResetPasswordAsync(user.Id, code, newPassword);

这篇关于Asp.NET Identity 2 提供“无效令牌"错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！