I'm working on a project with ASP.NET Web API, and my authentication system is based on Identity 2.0. When the user submits the ResetPassword form, they get "Invalid token". This is my ForgotPassword method:
// Web API action: generates the reset token and e-mails the reset link.
public async Task<HttpResponseMessage> ForgotPassword(ForgotPasswordViewModel model)
{
    if (!ModelState.IsValid)
    {
        HttpError error = new HttpError(ModelState, false);
        error.Message = Resource.No_Item_Found_Message;
        return Request.CreateErrorResponse(HttpStatusCode.BadRequest, error);
    }

    var user = await UserManager.FindByEmailAsync(model.Email);
    if (user == null || !(await UserManager.IsEmailConfirmedAsync(user.Id)))
    {
        // Don't reveal that the user does not exist or is not confirmed
        HttpError error = new HttpError();
        error.Message = Resource.Process_Failed;
        return Request.CreateErrorResponse(HttpStatusCode.BadRequest, error);
    }

    // Token provider is created here, inside the action, using DPAPI
    var provider = new DpapiDataProtectionProvider("ECommerceWebApp");
    UserManager.UserTokenProvider =
        new DataProtectorTokenProvider<ECommerceUser, string>(provider.Create("UserToken"));

    var code = await UserManager.GeneratePasswordResetTokenAsync(user.Id);
    code = HttpUtility.UrlEncode(code);

    try
    {
        // var callbackUrl = new Uri(Url.Link("ResetPasswordRoute", new { userId = user.Id, code = code, newPassword = model.Password }));
        var callbackUrl = Url.Link("Default",
            new { Controller = "Account", action = "ResetPassword", userId = user.Id, code = code });

        // Subject and body are Persian (subject: "Change password on IRI1")
        await UserManager.SendEmailAsync(user.Id, "تغییر رمز عبور در IRI1",
            "<div style='font-family:tahoma;direction:rtl;text-align:right;font-size:12px;'>"
            + "<h3>اولین و بزرگترین مرکز دادوستد بدون واسطه در ایران و کشورهای همسایه</h3>لطفاً با کلیک بر روی گزینۀ تغییر رمز به صفحۀ مربوطه بروید : <br/><br/>"
            + "<a href=\"" + callbackUrl + "\">تغییر رمز عبور </a><br/><br/><br/><a href='iri1.com'>Iri1 Web Sites</a>"
            + "</div>");
    }
    catch (Exception ex)
    {
        HttpError error = new HttpError();
        error.Message = ex.Message;
        return Request.CreateErrorResponse(HttpStatusCode.BadRequest, error);
    }

    return Request.CreateResponse(Resource.Reset_Password_Message_Client);
}
This is my ResetPassword method:
// MVC action: receives the posted form (email, new password, code) and resets the password.
[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public async Task<ActionResult> ResetPassword(ResetPasswordViewModel model)
{
    if (!ModelState.IsValid)
    {
        return View(model);
    }

    var user = await UserManager.FindByEmailAsync(model.Email);
    if (user == null)
    {
        // Don't reveal that the user does not exist
        return RedirectToAction("ResetPasswordConfirmation", "Account");
    }

    var code = HttpUtility.UrlDecode(model.Code);
    var result = await UserManager.ResetPasswordAsync(user.Id, code, model.Password);
    if (result.Succeeded)
    {
        return RedirectToAction("ResetPasswordConfirmation", "Account");
    }

    AddErrors(result);
    return View();
}
I still get the invalid token error.
Answer 0 (score: 1)
I've only just started learning authentication and can't run the samples from the internet (I don't have Visual Studio). But I noticed this method in the GitHub sample, and it looks wrong to me:
[HttpGet]
[AllowAnonymous]
public IActionResult ResetPassword(string code = null)
{
    return code == null ? View("Error") : View();
}
I think the method should do this instead:
    return code == null ? View("Error") : View(new ResetPasswordViewModel { Code = code });
so that the hidden field in the ResetPassword view contains the code. When the user clicks the submit button, this code is posted along with the email and password to the HttpPost ResetPassword action, where you can access it as model.Code.
Now I hope you have a valid token.
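The answer's GET action fix carries the token from the e-mail link into the form; the other two things that make Identity 2.x reset tokens fail verification are a token provider that differs between the action that generates the token and the action that verifies it, and a token that is URL-encoded or decoded a different number of times on each side (the base64 token contains '+', which a spare UrlDecode turns into a space). The following is an added example, not code from the question or the answer, showing the whole flow wired the way the MVC 5 Identity template does it: the DataProtectorTokenProvider is set once in the UserManager factory, both actions obtain the manager from the OWIN context, the code is encoded only by Url.Action and never decoded by hand, and the GET action puts it into the view model. It assumes ECommerceUser derives from IdentityUser, an ECommerceDbContext registered in Startup, the ForgotPasswordViewModel/ResetPasswordViewModel types from the question, and an EmailService configured on the manager; ApplicationUserManager and the view names are illustrative. The answer's sample uses IActionResult (ASP.NET Core); the same pattern is shown here with MVC 5's ActionResult to match the question.

```csharp
// Added example (not the asker's or answerer's code). Assumes ECommerceUser : IdentityUser,
// ECommerceDbContext : IdentityDbContext<ECommerceUser> registered with
// app.CreatePerOwinContext(ECommerceDbContext.Create), and the view models from the question.
using System;
using System.Threading.Tasks;
using System.Web;
using System.Web.Mvc;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.EntityFramework;
using Microsoft.AspNet.Identity.Owin;
using Microsoft.Owin;
using Microsoft.Owin.Security.DataProtection;

public class ApplicationUserManager : UserManager<ECommerceUser>
{
    public ApplicationUserManager(IUserStore<ECommerceUser> store) : base(store) { }

    // Registered once in Startup: app.CreatePerOwinContext<ApplicationUserManager>(Create).
    // Every request then gets a manager whose token provider has the same application name
    // and the same purpose string, so a token generated in one action verifies in another.
    public static ApplicationUserManager Create(
        IdentityFactoryOptions<ApplicationUserManager> options, IOwinContext context)
    {
        var manager = new ApplicationUserManager(
            new UserStore<ECommerceUser>(context.Get<ECommerceDbContext>()));

        // Prefer the provider OWIN hands us; fall back to DPAPI for self-hosted scenarios.
        // DPAPI keys are machine-bound: a link generated on one server will not verify on another.
        var dataProtectionProvider = options.DataProtectionProvider
            ?? new DpapiDataProtectionProvider("ECommerceWebApp");
        manager.UserTokenProvider = new DataProtectorTokenProvider<ECommerceUser>(
            dataProtectionProvider.Create("ASP.NET Identity"))
        {
            TokenLifespan = TimeSpan.FromHours(3) // reset links should be short-lived (default is 1 day)
        };
        // manager.EmailService = new EmailService(); // assumed to be configured here as in the template
        return manager;
    }
}

[Authorize]
public class AccountController : Controller
{
    // Same manager instance type, same token provider, in every action of this request.
    private ApplicationUserManager UserManager
    {
        get { return HttpContext.GetOwinContext().GetUserManager<ApplicationUserManager>(); }
    }

    [HttpPost]
    [AllowAnonymous]
    [ValidateAntiForgeryToken]
    public async Task<ActionResult> ForgotPassword(ForgotPasswordViewModel model)
    {
        if (!ModelState.IsValid) return View(model);

        var user = await UserManager.FindByEmailAsync(model.Email);
        if (user == null || !(await UserManager.IsEmailConfirmedAsync(user.Id)))
        {
            // Identical response whether or not the account exists: no account enumeration.
            return View("ForgotPasswordConfirmation");
        }

        // No HttpUtility.UrlEncode here: Url.Action encodes route values exactly once.
        var code = await UserManager.GeneratePasswordResetTokenAsync(user.Id);
        var callbackUrl = Url.Action("ResetPassword", "Account",
            new { userId = user.Id, code = code }, protocol: Request.Url.Scheme);
        await UserManager.SendEmailAsync(user.Id, "Reset your password",
            "Reset your password by clicking <a href=\"" + callbackUrl + "\">here</a>.");
        return View("ForgotPasswordConfirmation");
    }

    // GET: the e-mail link lands here. The code goes into the model so the Razor view can
    // carry it in a hidden field (@Html.HiddenFor(m => m.Code)) back to the POST action.
    [AllowAnonymous]
    public ActionResult ResetPassword(string code)
    {
        return code == null ? View("Error") : View(new ResetPasswordViewModel { Code = code });
    }

    [HttpPost]
    [AllowAnonymous]
    [ValidateAntiForgeryToken]
    public async Task<ActionResult> ResetPassword(ResetPasswordViewModel model)
    {
        if (!ModelState.IsValid) return View(model);

        var user = await UserManager.FindByEmailAsync(model.Email);
        if (user == null)
        {
            return RedirectToAction("ResetPasswordConfirmation", "Account");
        }

        // model.Code was already decoded by model binding; pass it through untouched.
        var result = await UserManager.ResetPasswordAsync(user.Id, model.Code, model.Password);
        if (result.Succeeded)
        {
            return RedirectToAction("ResetPasswordConfirmation", "Account");
        }
        foreach (var error in result.Errors) ModelState.AddModelError("", error);
        return View(model);
    }
}
```

If ForgotPassword stays a Web API action as in the question, obtain the manager there with Request.GetOwinContext().GetUserManager<ApplicationUserManager>() instead of assigning UserTokenProvider inside the action; the point is that both the generating and the verifying action use the provider configured in the factory, with the same application name and purpose. Model binding decodes the query string and the posted hidden field once, so neither action should call HttpUtility.UrlEncode or UrlDecode on the token.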