Asp.NET Identity 2 giving “Invalid Token” error

Question

I\'m using Asp.Net-Identity-2 and I\'m trying to verify email verification code using the below method. But I am getting an \"Invalid Token\"

Answer 1

Insipired by the soluion #3 posted by @cheny, I realized that if you use the same UserManager instance the generated code is accepted. But in a real scenario, the validation code happens in a second API call after the user clicks on the email link. It means that a new instance of the UserManager is created and it is unable to verify the code generated by the first instance of the first call. The only way to make it work is to be sure to have the SecurityStamp column in the database user table. Registering the class that's using the UserManager as singleton throws an exception at the application startup because the UserManager class is automatically registered with a Scoped lifetime

Answer 2

string code = _userManager.GeneratePasswordResetToken(user.Id);

                code = HttpUtility.UrlEncode(code);

//send rest email

---

do not decode the code

var result = await _userManager.ResetPasswordAsync(user.Id, model.Code, model.Password); 

Answer 3

Make sure when generate, you use:

GeneratePasswordResetTokenAsync(user.Id)

And confirm you use:

ResetPasswordAsync(user.Id, model.Code, model.Password)

If you make sure you are using the matching methods, but it still doesn't work, please verify that user.Id is the same in both methods. (Sometimes your logic may not be correct because you allow using same email for registry, etc.)