令牌无效。使用UserManager.ConfirmEmailAsync(user.Id,code)验证电子邮件验证码时

时间:2014-08-04 04:49:03

标签: asp.net-mvc asp.net-web-api asp.net-identity

我最近将Asp.net标识1.0迁移到2.0。我正在尝试使用以下方法验证电子邮件验证码。但我得到了#34;无效令牌"错误信息。 

public async Task<HttpResponseMessage> ConfirmEmail(string userName, string code)
        {
            ApplicationUser user = UserManager.FindByName(userName);
            var result = await UserManager.ConfirmEmailAsync(user.Id, code);
            return Request.CreateResponse(HttpStatusCode.OK, result);
        }

使用以下代码生成电子邮件验证令牌(如果我在生成令牌后立即调用ConfirmEmailAsyc,这样可以正常工作)。但是当我使用不同的方法调用时会出错

public async Task<HttpResponseMessage> GetEmailConfirmationCode(string userName)
        {
            ApplicationUser user = UserManager.FindByName(userName);
            var code = await UserManager.GenerateEmailConfirmationTokenAsync(user.Id);
            //var result = await UserManager.ConfirmEmailAsync(user.Id, code);
            return Request.CreateResponse(HttpStatusCode.OK, code);
        }

请帮忙

6 个答案:

答案 0 :(得分:15)

我发现你必须在将令牌放入电子邮件之前对其进行编码,但事后检查时则不然。所以发送电子邮件的代码是:

                // Send an email with this link 
                string code = UserManager.GenerateEmailConfirmationToken(user.Id);

                // added HTML encoding
                string codeHtmlVersion = HttpUtility.UrlEncode(code);

                // for some weird reason the following commented out line (which should return an absolute URL) returns null instead
                // var callbackUrl = Url.Action("ConfirmEmail", "Account", new { userId = user.Id, code = code }, protocol: Request.Url.Scheme);

                string callbackUrl = "(your URL)/Account/ConfirmEmail?userId=" +
                    user.Id + "&code=" + codeHtmlVersion;

                // Send an email with this link using class (not shown here)
                var m = new Email();

                m.ToAddresses.Add(user.Email);
                m.Subject = "Confirm email address for new account";

                m.Body =
                    "Hi " + user.UserName + dcr +
                    "You have been sent this email because you created an account on our website.  " +
                    "Please click on <a href =\"" + callbackUrl + "\">this link</a> to confirm your email address is correct. ";

确认电子邮件的代码如下:

// user has clicked on link to confirm email
    [AllowAnonymous]
    public async Task<ActionResult> ConfirmEmail(string userId, string code)
    {

        // email confirmation page            
        // don't HTTP decode

        // try to authenticate
        if (userId == null || code == null)
        {
            // report an error somehow
        }
        else
        {

            // check if token OK
            var result = UserManager.ConfirmEmail(userId, code);
            if (result.Succeeded)
            {
                // report success
            }
            else
            {
                // report failure
            }
        }

最终为我工作!

答案 1 :(得分:2)

希望问题得到解决。否则以下是解决方案的链接,该链接运行良好。

Asp.NET - Identity 2 - Invalid Token Error

只需使用:

emailConfirmationCode = await 
UserManager.GenerateEmailConfirmationTokenAsync(user.Id);
UserManager.ConfirmEmailAsync(userId, code1);

答案 2 :(得分:1)

有同样的问题。 修复是在生成链接时对令牌进行HTML编码,并在确认时 - HTML将其解码回来。

    public async Task<IActionResult> ForgotPassword(ForgotPasswordViewModel model)
    {
        if (ModelState.IsValid)
        {
            var user = await _userManager.FindByEmailAsync(model.Email);
            if (user == null )
            {
                // Don't reveal that the user does not exist or is not confirmed
                return RedirectToAction(nameof(ForgotPasswordConfirmation));
            }

            var code = await _userManager.GeneratePasswordResetTokenAsync( user );

            var codeHtmlVersion = HttpUtility.UrlEncode( code );
            var callbackUrl = Url.ResetPasswordCallbackLink(user.Id, codeHtmlVersion, Request.Scheme);
            await _emailSender.SendEmailAsync(
                model.Email, 

                $"You can reset your password by clicking here: <a href='{callbackUrl}'>link</a>", 
                _logger );
            return RedirectToAction(nameof(ForgotPasswordConfirmation));
        }

        // If we got this far, something failed, redisplay form
        return View(model);
    }

    public async Task<IActionResult> ResetPassword(ResetPasswordViewModel model)
    {
        if (!ModelState.IsValid)
        {
            return View(model);
        }
        var user = await _userManager.FindByEmailAsync(model.Email);
        if (user == null)
        {
            // Don't reveal that the user does not exist
            return RedirectToAction(nameof(ResetPasswordConfirmation));
        }

        var codeHtmlDecoded = HttpUtility.UrlDecode( model.Code );

        var result = await _userManager.ResetPasswordAsync(user, codeHtmlDecoded, model.Password);
        if (result.Succeeded)
        {
            return RedirectToAction(nameof(ResetPasswordConfirmation));
        }
        AddErrors(result);
        return View();
    }

答案 3 :(得分:0)

如果我正在获取url(完整)并通过WebClient调用api,则会发生这种情况。在发送呼叫之前,必须对代码值进行编码。

code = HttpUtility.UrlEncode(code);

答案 4 :(得分:0)

我们遇到了同样的问题,负载均衡导致了这个问题。在web.config文件中添加<machineKey validationKey="XXX" decryptionKey="XXX" validation="SHA1" decryption="AES"/>解决了这个问题。您的所有服务器都需要具有相同的机器密钥才能验证以前生成的代码。

希望这会有所帮助。

答案 5 :(得分:-1)

我的问题略有不同。

我创建了自己的IUserStore,我做错了一件事就是如果没有值,将SecurityStamp设置为null。

安全标记用于生成令牌,但在生成令牌时它被空字符串替换,但在验证令牌时不会替换它,因此最终将String.Emptynull进行比较String.Empty,总是返回false。

我通过在从数据库中读取时替换var p = object.getThePromise(); p.then(function(value) { // ...use the value... }); // later - this is the bit that's wrong p.then(function(value) { // ...use the value... }); 的空值来解决我的问题。

相关问题
最新问题