How do I implement password reset with ASP.NET Identity for ASP.NET MVC 5.0?
NickName:Gábor Plesz Ask DateTime:2013-09-25T18:49:28

Microsoft is coming up with a new Membership system called ASP.NET Identity (also the default in ASP.NET MVC 5). I found the sample project, but password reset is not implemented in it.

On the password reset topic I just found this article: Implementing User Confirmation and Password Reset with One ASP.NET Identity – Pain or Pleasure, which does not help me, because it does not use the built-in password recovery.

As I was looking at the options, I think we need to generate a reset token, which I will send to the user. The user can then set the new password using the token, overwriting the old one.

I found the IdentityManager.Passwords.GenerateResetPasswordToken / IdentityManager.Passwords.GenerateResetPasswordTokenAsync(string tokenId, string userName, validUntilUtc), but I could not figure out what the tokenId parameter might mean.

How do I implement the Password Reset in ASP.NET with MVC 5.0?

Copyright Notice:Content Author:「Gábor Plesz」,Reproduced under the CC 4.0 BY-SA copyright license with a link to the original source and this disclaimer.
Link to original article:https://stackoverflow.com/questions/19002864/how-do-i-implement-password-reset-with-asp-net-identity-for-asp-net-mvc-5-0

Answers
Gábor Plesz 2013-09-26T19:05:38

I got it: the tokenid is a freely chosen identity, which identifies a password option. For example:

1. The password recovery process, step 1, looks like this (it is based on: https://stackoverflow.com/a/698879/208922)

```csharp
// requires: System, System.Linq, System.Security.Cryptography, System.Text,
//           System.Threading.Tasks, System.Web.Mvc
[HttpPost]
[ValidateAntiForgeryToken]
[AllowAnonymous]
//[RecaptchaControlMvc.CaptchaValidator]
public virtual async Task<ActionResult> ResetPassword(
    ResetPasswordViewModel rpvm)
{
    string message = null;
    //the token is valid for one day (UTC, as the validUntilUtc parameter expects)
    var until = DateTime.UtcNow.AddDays(1);
    //We look up the user, because the token cannot be generated from
    //the e-mail address; the user name is needed.
    var db = new Context();
    var user = db.Users.SingleOrDefault(x => x.Email == rpvm.Email);

    var token = new StringBuilder();

    //Prepare a 10-character random text
    using (RNGCryptoServiceProvider
        rngCsp = new RNGCryptoServiceProvider())
    {
        var data = new byte[4];
        for (int i = 0; i < 10; i++)
        {
            //fill the array with random bytes
            rngCsp.GetBytes(data);
            //this is converted into a character from A to Z
            var randomchar = Convert.ToChar(
                //produce a random number
                //between 0 and 25
                BitConverter.ToUInt32(data, 0) % 26
                //Convert.ToInt32('A')==65
                + 65
            );
            token.Append(randomchar);
        }
    }
    //This will be the password change identifier
    //that will be sent out to the user
    var tokenid = token.ToString();

    if (null != user)
    {
        //Generating a token
        var result = await IdentityManager
            .Passwords
            .GenerateResetPasswordTokenAsync(
                tokenid,
                user.UserName,
                until
            );

        if (result.Success)
        {
            //send the email
            // ...
        }
    }
    message =
        "We have sent a password reset request if the email is verified.";
    return RedirectToAction(
        MVC.Account.ResetPasswordWithToken(
            token: string.Empty,
            message: message
        )
    );
}
```

2. And then, when the user enters the token and the new password:

```csharp
[HttpPost]
[ValidateAntiForgeryToken]
[AllowAnonymous]
//[RecaptchaControlMvc.CaptchaValidator]
public virtual async Task<ActionResult> ResetPasswordWithToken(
    ResetPasswordWithTokenViewModel
        rpwtvm
    )
{
    if (ModelState.IsValid)
    {
        string message = null;
        //reset the password
        var result = await IdentityManager.Passwords.ResetPasswordAsync(
            rpwtvm.Token,
            rpwtvm.Password
        );
        if (result.Success)
        {
            message = "the password has been reset.";
            return RedirectToAction(
                MVC.Account.ResetPasswordCompleted(message: message)
            );
        }
        else
        {
            AddErrors(result);
        }
    }
    return View(MVC.Account.ResetPasswordWithToken(rpwtvm));
}
```

Skeleton proposal to the sample project on GitHub; if anyone needs it, it may be tested. The e-mail sending is not yet written, possibly with the addition soon.
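An added example, not part of the original answer and not ASP.NET Identity's own code: a self-contained store showing the properties the two steps above depend on, namely a token drawn from the OS CSPRNG, a UTC expiry, and single use. `ResetTokenStore`, `Issue` and `Redeem` are hypothetical names; the store is in-memory and keeps only the SHA-256 of each token, so a copy of the stored data cannot be replayed as a token.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper, not part of ASP.NET Identity: in-memory store for
// single-use, expiring password reset tokens.
public sealed class ResetTokenStore
{
    private sealed class Entry { public string UserName; public DateTime ValidUntilUtc; }

    // Keyed by the SHA-256 of the token, so the store never holds a usable token.
    private readonly Dictionary<string, Entry> _entries = new Dictionary<string, Entry>();
    private readonly object _lock = new object();

    private static string Hash(string token)
    {
        using (var sha = SHA256.Create())
            return Convert.ToBase64String(sha.ComputeHash(Encoding.UTF8.GetBytes(token)));
    }

    // Issues a 256-bit token from the OS CSPRNG, encoded as URL-safe base64.
    public string Issue(string userName, TimeSpan lifetime, DateTime nowUtc)
    {
        var bytes = new byte[32];
        using (var rng = RandomNumberGenerator.Create())
            rng.GetBytes(bytes);
        var token = Convert.ToBase64String(bytes).TrimEnd('=').Replace('+', '-').Replace('/', '_');
        lock (_lock)
            _entries[Hash(token)] = new Entry { UserName = userName, ValidUntilUtc = nowUtc + lifetime };
        return token;
    }

    // Returns the user name the token was issued for, or null if the token is
    // unknown, expired, or already used. The entry is removed when first presented.
    public string Redeem(string token, DateTime nowUtc)
    {
        if (string.IsNullOrEmpty(token)) return null;
        var key = Hash(token);
        lock (_lock)
        {
            Entry entry;
            if (!_entries.TryGetValue(key, out entry)) return null;
            _entries.Remove(key);
            return nowUtc <= entry.ValidUntilUtc ? entry.UserName : null;
        }
    }
}
```

Passing `DateTime.UtcNow` as `nowUtc` on both calls keeps the expiry check independent of the server's time zone; a second `Redeem` of the same token returns null.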

