I've implemented ASP.NET Identity in my MVC application by copying the code from the VS 2013 templates. The basic thing is working, but I couldn't get the Reset Password to work. When I show the "forgot password" page an email is generated which contains the token. This token is returned by the method:
我实现了ASP。NET Identity在我的MVC应用程序中,通过复制VS 2013模板中的代码。基本的东西是工作的,但是我不能让重置密码工作。当我显示“忘记密码”页面时,会生成包含令牌的电子邮件。该方法将返回此令牌:
UserManager.GeneratePasswordResetTokenAsync(user.Id)
When I click the link the reset password forms open and lets the user input their email address and a new password. Then the call to the change password functionality is made:
当我点击链接时,重置密码表单就会打开,让用户输入他们的电子邮件地址和新的密码。然后调用更改密码功能:
UserManager.ResetPasswordAsync(user.Id, model.Code, model.Password);
This looks good to me, but the result is always a "Invalid Token" and I don't get why that is.
这在我看来很好,但是结果总是一个“无效的标记”,我不明白为什么是这样。
Does anybody have an idea why it isn't working? And where the hell is the token stored? I thought it must be in the database somewhere around the AspNetUsers table...
有人知道它为什么不工作吗?这个令牌存储在哪里?我想它一定在AspNetUsers表附近的数据库中……
3 个解决方案
#1
25
The token generated by UserManager in ASP.NET Identity usually contains "+" characters which when passed as a query string get changed into "" (a space) in the URL. In your ResetPassword ActionResult replace "" with "+" like this:
UserManager在ASP中生成的令牌。NET Identity通常包含“+”字符,当作为查询字符串传递时,这些字符在URL中被更改为“”(空格)。在ResetPassword ActionResult中,将“”替换为“+”,如下所示:
var code = model.Code.Replace(" ", "+");
//And then change the following line
UserManager.ResetPasswordAsync(user.Id, model.Code, model.Password);
//To this one so it uses the code(spaces replaced with "+") instead of model.Code
UserManager.ResetPasswordAsync(user.Id, code, model.Password);
That should do the trick. I had the same problem and found the answer here.
这应该很管用。我也遇到了同样的问题,在这里找到了答案。
#2
27
Just wanted to add that the most common issue outside of HTML encoding/decoding is that your user entry in the database may be missing a SecurityStamp. There is a bug in ASP.NET Identity where one function sets it to null when creating the token, whereas another when validating the token checks for an empty string.
只是想补充一点,HTML编码/解码之外最常见的问题是,数据库中的用户条目可能缺少一个SecurityStamp。ASP中有一个错误。在创建令牌时,一个函数将其设置为null的网络标识,而另一个函数在验证令牌检查空字符串时,将其设置为null。
If your SecurityStamp is null or an empty string, this will cause the invalid token issue.
如果您的SecurityStamp是null或空字符串,这将导致无效的令牌问题。
#3
0
In my case this was because data in database were imported from another database incorrectly. SecurityStamp field was null so I got invalid token error.
在我的例子中,这是因为数据库中的数据从另一个数据库导入错误。SecurityStamp字段为空,因此我得到无效的令牌错误。
#1
25
The token generated by UserManager in ASP.NET Identity usually contains "+" characters which when passed as a query string get changed into "" (a space) in the URL. In your ResetPassword ActionResult replace "" with "+" like this:
UserManager在ASP中生成的令牌。NET Identity通常包含“+”字符,当作为查询字符串传递时,这些字符在URL中被更改为“”(空格)。在ResetPassword ActionResult中,将“”替换为“+”,如下所示:
var code = model.Code.Replace(" ", "+");
//And then change the following line
UserManager.ResetPasswordAsync(user.Id, model.Code, model.Password);
//To this one so it uses the code(spaces replaced with "+") instead of model.Code
UserManager.ResetPasswordAsync(user.Id, code, model.Password);
That should do the trick. I had the same problem and found the answer here.
这应该很管用。我也遇到了同样的问题,在这里找到了答案。
#2
27
Just wanted to add that the most common issue outside of HTML encoding/decoding is that your user entry in the database may be missing a SecurityStamp. There is a bug in ASP.NET Identity where one function sets it to null when creating the token, whereas another when validating the token checks for an empty string.
只是想补充一点,HTML编码/解码之外最常见的问题是,数据库中的用户条目可能缺少一个SecurityStamp。ASP中有一个错误。在创建令牌时,一个函数将其设置为null的网络标识,而另一个函数在验证令牌检查空字符串时,将其设置为null。
If your SecurityStamp is null or an empty string, this will cause the invalid token issue.
如果您的SecurityStamp是null或空字符串,这将导致无效的令牌问题。
#3
0
In my case this was because data in database were imported from another database incorrectly. SecurityStamp field was null so I got invalid token error.
在我的例子中,这是因为数据库中的数据从另一个数据库导入错误。SecurityStamp字段为空,因此我得到无效的令牌错误。