令牌在使用ASP重置密码时无效。净的身份

时间:2020-12-19 03:29:45

I've implemented ASP.NET Identity in my MVC application by copying the code from the VS 2013 templates. The basic thing is working, but I couldn't get the Reset Password to work. When I show the "forgot password" page an email is generated which contains the token. This token is returned by the method:

我实现了ASP。NET Identity在我的MVC应用程序中,通过复制VS 2013模板中的代码。基本的东西是工作的,但是我不能让重置密码工作。当我显示“忘记密码”页面时,会生成包含令牌的电子邮件。该方法将返回此令牌:

UserManager.GeneratePasswordResetTokenAsync(user.Id)

When I click the link the reset password forms open and lets the user input their email address and a new password. Then the call to the change password functionality is made:

当我点击链接时,重置密码表单就会打开,让用户输入他们的电子邮件地址和新的密码。然后调用更改密码功能:

UserManager.ResetPasswordAsync(user.Id, model.Code, model.Password);

This looks good to me, but the result is always a "Invalid Token" and I don't get why that is.

这在我看来很好,但是结果总是一个“无效的标记”,我不明白为什么是这样。

Does anybody have an idea why it isn't working? And where the hell is the token stored? I thought it must be in the database somewhere around the AspNetUsers table...

有人知道它为什么不工作吗?这个令牌存储在哪里?我想它一定在AspNetUsers表附近的数据库中……

3 个解决方案

#1


25  

The token generated by UserManager in ASP.NET Identity usually contains "+" characters which when passed as a query string get changed into "" (a space) in the URL. In your ResetPassword ActionResult replace "" with "+" like this:

UserManager在ASP中生成的令牌。NET Identity通常包含“+”字符,当作为查询字符串传递时,这些字符在URL中被更改为“”(空格)。在ResetPassword ActionResult中,将“”替换为“+”,如下所示:

var code = model.Code.Replace(" ", "+");
//And then change the following line 
UserManager.ResetPasswordAsync(user.Id, model.Code, model.Password);
//To this one so it uses the code(spaces replaced with "+") instead of model.Code
UserManager.ResetPasswordAsync(user.Id, code, model.Password);

That should do the trick. I had the same problem and found the answer here.

这应该很管用。我也遇到了同样的问题,在这里找到了答案。

#2


27  

Just wanted to add that the most common issue outside of HTML encoding/decoding is that your user entry in the database may be missing a SecurityStamp. There is a bug in ASP.NET Identity where one function sets it to null when creating the token, whereas another when validating the token checks for an empty string.

只是想补充一点,HTML编码/解码之外最常见的问题是,数据库中的用户条目可能缺少一个SecurityStamp。ASP中有一个错误。在创建令牌时,一个函数将其设置为null的网络标识,而另一个函数在验证令牌检查空字符串时,将其设置为null。

If your SecurityStamp is null or an empty string, this will cause the invalid token issue.

如果您的SecurityStamp是null或空字符串,这将导致无效的令牌问题。

#3


0  

In my case this was because data in database were imported from another database incorrectly. SecurityStamp field was null so I got invalid token error.

在我的例子中,这是因为数据库中的数据从另一个数据库导入错误。SecurityStamp字段为空,因此我得到无效的令牌错误。

#1


25  

The token generated by UserManager in ASP.NET Identity usually contains "+" characters which when passed as a query string get changed into "" (a space) in the URL. In your ResetPassword ActionResult replace "" with "+" like this:

UserManager在ASP中生成的令牌。NET Identity通常包含“+”字符,当作为查询字符串传递时,这些字符在URL中被更改为“”(空格)。在ResetPassword ActionResult中,将“”替换为“+”,如下所示:

var code = model.Code.Replace(" ", "+");
//And then change the following line 
UserManager.ResetPasswordAsync(user.Id, model.Code, model.Password);
//To this one so it uses the code(spaces replaced with "+") instead of model.Code
UserManager.ResetPasswordAsync(user.Id, code, model.Password);

That should do the trick. I had the same problem and found the answer here.

这应该很管用。我也遇到了同样的问题,在这里找到了答案。

#2


27  

Just wanted to add that the most common issue outside of HTML encoding/decoding is that your user entry in the database may be missing a SecurityStamp. There is a bug in ASP.NET Identity where one function sets it to null when creating the token, whereas another when validating the token checks for an empty string.

只是想补充一点,HTML编码/解码之外最常见的问题是,数据库中的用户条目可能缺少一个SecurityStamp。ASP中有一个错误。在创建令牌时,一个函数将其设置为null的网络标识,而另一个函数在验证令牌检查空字符串时,将其设置为null。

If your SecurityStamp is null or an empty string, this will cause the invalid token issue.

如果您的SecurityStamp是null或空字符串,这将导致无效的令牌问题。

#3


0  

In my case this was because data in database were imported from another database incorrectly. SecurityStamp field was null so I got invalid token error.

在我的例子中,这是因为数据库中的数据从另一个数据库导入错误。SecurityStamp字段为空,因此我得到无效的令牌错误。