Dec 3, 2014 at 5:02 PM
Edited Dec 3, 2014 at 5:05 PM
I have an internal admin website where we need to add a feature to create a password reset token. Here is what we have done so far (but it doesn't work):
var manager = new ARRTUserManager(new ARRTUserStore(new DB2(), HttpContext.Current));
IdentityUser idUser = manager.FindByEmail(user.Email);
var provider = new Microsoft.Owin.Security.DataProtection.DpapiDataProtectionProvider("ARRTAuth");
manager.UserTokenProvider = new Microsoft.AspNet.Identity.Owin.DataProtectorTokenProvider<IdentityUser, long>(provider.Create("PR"));
string s = manager.UserTokenProvider.GenerateAsync("ResetPassword", manager, idUser).Result;
Now when we create a password reset code, it generates one however it is not generated properly.
On the production website we have available to us an OWIN object that seems to have the DPAPI provider all initialized for us, and this code works just fine on it. However because our internal website doesn't use IDENTITY Framework, we of course have no reference
to an IAppBuilder object or OWIN context information:
var manager = Context.GetOwinContext().GetUserManager<ApplicationUserManager>();
IdentityUser idUser = manager.FindByEmail("firstname.lastname@example.org");
string resetCode = manager.GeneratePasswordResetToken(idUser.Id);
Running the above code on the public facing website itself however works fine as long as you let the OWIN stuff create the OWIN object in a startup class like this:
public void ConfigureAuth(IAppBuilder app)
However our internal admin we were hopping to initialize it as shown in the first code snippet, however the password reset codes that are generated are INCORRECT and do not work on the production website.
How to generate password reset tokens for a website that is using Identity Framework, but do it within a different internal application that is NOT using the identity framework?