ASP.NET Core错误:实施忘记密码时出现无效令牌错误
在VS2017 ver 15.3.3具有Individual User Accounts模式的ASP.NET MVC Core 1.1.1应用程序中,我正在实现Forgot Passwordfunction。 该应用正确地使用生成的链接发送电子邮件。 我可以打开我的电子邮件,可以看到生成的链接如下。 链接正确显示ResetPassWord.cshtml视图。 但是当我输入所需的用户名,密码,确认密码信息并单击“提交”按钮时,我收到Invalid Token错误。 问题 :如何解决问题?
注意 :
答:如果我已登录并希望将密码重置为其他内容,则PasswordResetfunction可以正常工作。
B.不确定它是否相关:我没有使用电子邮件作为用户名。 相反,我改变了AccountCountroller的Email属性
[Required] [EmailAddress] public string Email { get; set; }
至
[Required] public string UserName { get; set; }
等等,并在ApplicationUser.cs扩展了用户属性,如下所示:
ApplicationUser.cs
// Add profile data for application users by adding properties to the ApplicationUser class public class ApplicationUser : IdentityUser { public string UserFullName { get; set; } [Column(TypeName = "varchar(50)")] public string UserEmaill { get; set; } [Column(TypeName = "varchar(15)")] public string UserCity{ get; set; } }
应用程序发送的电子邮件正文 :
Please reset your password by clicking here: link
控制器 :
[HttpPost] [AllowAnonymous] [ValidateAntiForgeryToken] public async Task ForgotPassword(ForgotPasswordViewModel model) { if (ModelState.IsValid) { var user = await _userManager.FindByNameAsync(model.UserName); string sUserEmail = user.UserEmail; //I Added this. Note the email is not the user name in my app if (user == null) { // Don't reveal that the user does not exist or is not confirmed return View("ForgotPasswordConfirmation"); } // For more information on how to enable account confirmation and password reset please visit http://go.microsoft.com/fwlink/?LinkID=532713 // Send an email with this link var code = await _userManager.GeneratePasswordResetTokenAsync(user); var callbackUrl = Url.Action("ResetPassword", "Account", new { userId = user.Id, code = code }, protocol: HttpContext.Request.Scheme); await _emailSender.SendEmailAsync(sUserEmail, "Reset Password", $"Please reset your password by clicking here: link"); return View("ForgotPasswordConfirmation"); } // If we got this far, something failed, redisplay form return View(model); } [HttpPost] [AllowAnonymous] [ValidateAntiForgeryToken] public async Task ResetPassword(ResetPasswordViewModel model) { if (!ModelState.IsValid) { return View(model); } var user = await _userManager.FindByNameAsync(model.UserName); if (user == null) { // Don't reveal that the user does not exist return RedirectToAction(nameof(AccountController.ResetPasswordConfirmation), "Account"); } var result = await _userManager.ResetPasswordAsync(user, model.Code, model.Password); if (result.Succeeded) { return RedirectToAction(nameof(AccountController.ResetPasswordConfirmation), "Account"); } AddErrors(result); return View(); }
UPDATE
- 我试过
code = System.Net.WebUtility.UrlEncode(code);行var code = await _userManager.GeneratePasswordResetTokenAsync(user);在ForgotPassword(...)POST方法中; 但仍然是同样的错误。 然后我也尝试了var code = System.Net.WebUtility.UrlDecode(model.Code);在行var result = await _userManager.ResetPasswordAsync(user, code, model.Password);在ResetPassword(...)POST方法内; 同样的错误。
- 在ASP .NET 5中默认阻止匿名访问
- 如何使用UserManager在IdentityUser上加载导航属性
- Attribute.IsDefined在哪里进入DNX Core 5.0?
- 应用程序在添加Oauth时重定向到Account / AccessDenied
- 在单独的项目Asp.net Core MVC中进行本地化
- 在.NET Core中使用Reflection
- 如何将服务配置传递给Xunit项目测试控制器?
- ASP.NET 4.5在ASP.NET Core 2.0应用程序下的Azure Web App中作为虚拟应用程序抛出502.5
- .NET Core中的Assembly.GetEntryAssembly()相当于什么?