Jul 13, 2015 at 9:57 AM
Edited Jul 13, 2015 at 10:58 AM
I am using Identity Framework for my Azure Worker Role REST API in conjunction with OAuth2. The Problem: if a user forgets the password I need to be able to remove the old password and set a new one. Because of my scaffold I cannot use the TokenManager, so
I implemented my own Email One-Time Token. So well in the end of the process I have to set a new hashed password for the user. I tried several things like
Nothing worked for me so far. Removing and adding a new password only works if I am logged in with the respective user. The problem is my user forgot the password and has now and anonymous context in the endpoint controller.
Question: Is there any way to change the hashedPassword of an IdentityUser without being logged in as this user?!? Or do I have to implement my own hashing and password saving because IdentityFramework won't support this?
Two really strange things are happening:
- when I use UserManager.SetPasswordHashAsync(user, hashedNewPassword); the first time it sets the new password correctly for the user. When its called a second time it won't work anymore.
- when I use user.hashedPassword = newHashedPassword; directly and update the user afterwards it works exacty ONE time. Same like 1.
- when I restart and redeploy the project without the database, afterwards the new password is set and working! How can I tell azure or the identity framework to reload the data from the database so that the password hash from the database is used?!?
Any idea whats the problem and how I can solve it?