This project is read-only.

UserManager Setting Hashed Password

Jul 13, 2015 at 10:57 AM
Edited Jul 13, 2015 at 11:58 AM
Hi there

I am using Identity Framework for my Azure Worker Role REST API in conjunction with OAuth2. The Problem: if a user forgets the password I need to be able to remove the old password and set a new one. Because of my scaffold I cannot use the TokenManager, so I implemented my own Email One-Time Token. So well in the end of the process I have to set a new hashed password for the user. I tried several things like
UserManager.RemovePassword(userid);
UserManager.AddPassword(userid, newPassword);
OR
UserManager.SetPasswordHashAsync(user, hashedNewPassword);

Nothing worked for me so far. Removing and adding a new password only works if I am logged in with the respective user. The problem is my user forgot the password and has now and anonymous context in the endpoint controller.
Question: Is there any way to change the hashedPassword of an IdentityUser without being logged in as this user?!? Or do I have to implement my own hashing and password saving because IdentityFramework won't support this?

Two really strange things are happening:
  1. when I use UserManager.SetPasswordHashAsync(user, hashedNewPassword); the first time it sets the new password correctly for the user. When its called a second time it won't work anymore.
  2. when I use user.hashedPassword = newHashedPassword; directly and update the user afterwards it works exacty ONE time. Same like 1.
  3. when I restart and redeploy the project without the database, afterwards the new password is set and working! How can I tell azure or the identity framework to reload the data from the database so that the password hash from the database is used?!?
Any idea whats the problem and how I can solve it?

Cheers Fredrik