Julio Schurt Julio Schurt - 1 year ago 334
ASP.NET (C#) Question

Asp.NET - Identity 2 - Invalid Token Error

I´m using Asp.Net-Identity-2 and I´m trying to verify email verification code using the below method. But I am getting an "Invalid Token" error message.

  • My Application's User Manager is

    public class AppUserManager : UserManager<AppUser>
    public AppUserManager(IUserStore<AppUser> store) : base(store) { }

    public static AppUserManager Create(IdentityFactoryOptions<AppUserManager> options, IOwinContext context)
    AppIdentityDbContext db = context.Get<AppIdentityDbContext>();
    AppUserManager manager = new AppUserManager(new UserStore<AppUser>(db));

    manager.PasswordValidator = new PasswordValidator {
    RequiredLength = 6,
    RequireNonLetterOrDigit = false,
    RequireDigit = false,
    RequireLowercase = true,
    RequireUppercase = true

    manager.UserValidator = new UserValidator<AppUser>(manager)
    AllowOnlyAlphanumericUserNames = true,
    RequireUniqueEmail = true

    var dataProtectionProvider = options.DataProtectionProvider;

    //token life span is 3 hours
    if (dataProtectionProvider != null)
    manager.UserTokenProvider =
    new DataProtectorTokenProvider<AppUser>
    TokenLifespan = TimeSpan.FromHours(3)

    //defining email service
    manager.EmailService = new EmailService();

    return manager;
    } //Create

    } //class

    } //namespace

  • My Action to generate the token is (Even if I check the token here, I get "Invalid token" message)

    public ActionResult ForgotPassword(string email)
    if (ModelState.IsValid)
    AppUser user = UserManager.FindByEmail(email);
    if (user == null || !(UserManager.IsEmailConfirmed(user.Id)))
    // Returning without warning anything wrong...
    return View("../Home/Index");

    } //if

    string code = UserManager.GeneratePasswordResetToken(user.Id);
    string callbackUrl = Url.Action("ResetPassword", "Admin", new { Id = user.Id, code = HttpUtility.UrlEncode(code) }, protocol: Request.Url.Scheme);

    UserManager.SendEmail(user.Id, "Reset password Link", "Use the following link to reset your password: <a href=\"" + callbackUrl + "\">link</a>");

    //This 2 lines I use tho debugger propose. The result is: "Invalid token" (???)
    IdentityResult result;
    result = UserManager.ConfirmEmail(user.Id, code);


    // If we got this far, something failed, redisplay form
    return View();

    } //ForgotPassword

  • My Action to check the token is (here, I always get "Invalid Token" when I check the result)

    public async Task<ActionResult> ResetPassword(string id, string code)

    if (id == null || code == null)
    return View("Error", new string[] { "Invalid params to reset password." });

    IdentityResult result;

    result = await UserManager.ConfirmEmailAsync(id, code);
    catch (InvalidOperationException ioe)
    // ConfirmEmailAsync throws when the id is not found.
    return View("Error", new string[] { "Error to reset password:<br/><br/><li>" + ioe.Message + "</li>" });

    if (result.Succeeded)
    AppUser objUser = await UserManager.FindByIdAsync(id);
    ResetPasswordModel model = new ResetPasswordModel();

    model.Id = objUser.Id;
    model.Name = objUser.UserName;
    model.Email = objUser.Email;

    return View(model);


    // If we got this far, something failed.
    string strErrorMsg = "";
    foreach(string strError in result.Errors)
    strErrorMsg += "<li>" + strError + "</li>";
    } //foreach

    return View("Error", new string[] { strErrorMsg });

    } //ForgotPasswordConfirmation

I don´t know what is missing or what's is wrong.

Thanks for any help...

Answer Source

Because you are generating token for password reset here:

string code = UserManager.GeneratePasswordResetToken(user.Id);

But actually trying to validate token for email:

result = await UserManager.ConfirmEmailAsync(id, code);

These are 2 different tokens.

In your question you say that you are trying to verify email, but your code is for password reset. Which one are you doing?

If you need email confirmation, then generate token via

var emailConfirmationCode = await UserManager.GenerateEmailConfirmationTokenAsync(user.Id);

and confirm it via

var confirmResult = await UserManager.ConfirmEmailAsync(userId, code);

If you need password reset, generate token like this:

var code = await UserManager.GeneratePasswordResetTokenAsync(user.Id);

and confirm it like this:

var resetResult = await userManager.ResetPasswordAsync(user.Id, code, newPassword);