ApplicationUserManager's Generate ___ Token methods

◇◆丶佛笑我妖孽 提交于 2019-12-11 17:41:51

问题


I see there are 5 different Generate Token methods on ApplicationUserManager such as:

  • manager.GenerateChangePhoneNumberToken()
  • manager.GenerateEmailConfirmationToken()
  • manager.GeneratePasswordResetToken()
  • manager.GenerateTwoFactorToken()
  • manager.GenerateUserToken()

What is the point of GenerateUserToken when the other 4 exist? When would you only use GenerateUserToken and not any of the others?

Can the UserToken from GenerateUserToken be used instead of the other 4 for all possible token requested tasks?

Trying to understand these better but not finding much help through searching. Thanks!


回答1:


If you look on the source code of UserManager, you'll see that GenerateUserTokenAsync(string purpose, TKey userId) is the one with most logic. All other methods you talk about are a shortcuts for this method with parameter purpose specified.

So when you need to reset password you call GeneratePasswordResetTokenAsync(TKey userId) that in turn calls GenerateUserTokenAsync("ResetPassword", userId).

This purpose parameter is encoded in the token and on the way back, when the token is verified, this purpose must be the same as it was for token generation. I.e. token generated for password reset will not work for email confirmation.



来源:https://stackoverflow.com/questions/45245866/applicationusermanagers-generate-token-methods

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!