ASP.NET Identity Core: invalid token for password reset on web farm

So, I've been reading the docs and I'm trying to make my site on a web farm. I've searched a lot of articles and it seems like setting the keyring to a common network path should be all that is required to get the data protection to work. In my case, I'm persisting it to Azure.

Now, authentication is working fine, but I'm always getting the Invalid Token error when a user tries to reset his password (when the link is generated on one machine and verified on another).

EDIT: added code for generating the link and verifying the token.

Btw, here's the code used for generating the reset link with the token:

var code = await _userManager.GeneratePasswordResetTokenAsync(user);
await _emailSender.SendPasswordResetAsync(
    user,
    User.IsAuthenticated(),
    Url.Link("default", new {
        Controller = "Account",
        Action = "ResetPasswordEmail",
        token = code,
        email = user.Email
    }),
    _dbContext.Database.GetDbConnection(),
    CancellationToken.None);

And here's how it's validated:

var validToken = await _userManager.VerifyUserTokenAsync(user,
                                                         "Default",
                                                         "ResetPassword",
                                                         token);

Any ideas on what's going on?

Thanks.

1 answer

Answer by Luis Abreu

Ok, as always, the problem was between the chair and the keyboard...

The problem was that the keyring was set up to use Azure inside an #if RELEASE condition which wasn't set up on the publish pipeline...

Bottom line: sharing the keyring is all that was needed to get everything up and running...
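
The failure described in the answer is silent: when the shared key ring registration is compiled out, Data Protection falls back to a per-machine key store, and the default password reset token provider (which protects tokens with Data Protection) produces tokens that other nodes cannot unprotect. The following is an added example, not the poster's code, showing an unconditional registration plus a startup check that fails fast if no shared repository is configured. It assumes the .NET 6+ minimal hosting model and the Azure.Extensions.AspNetCore.DataProtection.Blobs package; the application name, configuration key, container and blob names are placeholders.

```csharp
// Added example (not from the original post). Names marked "placeholder" are assumptions.
using System;
using System.Linq;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.AspNetCore.DataProtection.KeyManagement;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;

var builder = WebApplication.CreateBuilder(args);

// Registered unconditionally: no #if around it, so every build configuration
// and every node reads and writes the same key ring.
builder.Services.AddDataProtection()
    .SetApplicationName("my-web-farm-app") // placeholder; must be identical on all nodes
    .PersistKeysToAzureBlobStorage(
        builder.Configuration["DataProtection:BlobConnectionString"], // placeholder key
        "dataprotection",  // placeholder container name
        "keys.xml");       // placeholder blob name

var app = builder.Build();

// Startup check: a null XmlRepository means no persistence was configured, so
// Data Protection would fall back to a per-machine default location.
var keyOptions = app.Services.GetRequiredService<IOptions<KeyManagementOptions>>().Value;
if (keyOptions.XmlRepository is null)
{
    throw new InvalidOperationException(
        "Data Protection key ring is not shared; tokens issued on one node will fail on another.");
}

// Log the repository type and key ids so they can be compared across nodes.
var keyIds = app.Services.GetRequiredService<IKeyManager>()
    .GetAllKeys()
    .Select(k => k.KeyId.ToString("D"));
app.Logger.LogInformation("Key ring repository: {Repository}; keys: {KeyIds}",
    keyOptions.XmlRepository.GetType().Name, string.Join(", ", keyIds));

app.Run();
```

If two nodes log different repository types or disjoint key ids, they are not sharing a key ring, whatever the source code appears to configure.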