I have developed a web API for an eCommerce website. I have to implement two-factor authentication for password reset in case of a forgotten password. I am performing the steps below:

a) On click of Forget Password, the system sends an OTP to the mobile as SMS.
b) My web API also sends this OTP to the mobile client.
c) The user enters the OTP at the mobile client and then confirms it.
d) The mobile client validates the entered OTP against the sent OTP.
e) Upon confirmation, the system needs to provide the user an option to reset the password.
f) For reset password, I am using the inbuilt method of MVC Web API in the account controller:

[Route("SetPassword")]
public async Task<IHttpActionResult> SetPassword(SetPasswordBindingModel model)
{
    // Reject requests whose model fails validation.
    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    // User.Identity.GetUserId() reads the user id from the authenticated request.
    IdentityResult result = await UserManager.AddPasswordAsync(User.Identity.GetUserId(), model.NewPassword);
    if (!result.Succeeded)
    {
        return GetErrorResult(result);
    }

    return Ok();
}

i) While testing this method using Postman, it needs a token generated by the system.
j) Since we don't have the password (it's encrypted in the DB) while fetching the token, we are unable to get a token.

Please help: how can I generate a token without providing the password in the Postman client?
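
A server-side variant of the flow in steps a) to f), added here as an example and not part of the original post: the OTP is checked by the API itself and the password is changed with ASP.NET Identity's reset token, so the reset endpoint needs no bearer token. The names `ResetWithOtpModel`, `ForgotPassword` and `ResetPasswordWithOtp` are hypothetical, and the code assumes that a "Phone Code" two-factor provider, an `SmsService` and a `UserTokenProvider` are configured on `UserManager`; the two actions belong inside the existing account controller.

```csharp
// Added example, not the poster's code. Hypothetical names: ResetWithOtpModel,
// ForgotPassword, ResetPasswordWithOtp. Assumes a "Phone Code" two-factor provider,
// an SmsService and a UserTokenProvider are configured on UserManager.
public class ResetWithOtpModel
{
    [Required] public string UserName { get; set; }
    [Required] public string Otp { get; set; }
    [Required] public string NewPassword { get; set; }
}

[AllowAnonymous]
[HttpPost, Route("ForgotPassword")]
public async Task<IHttpActionResult> ForgotPassword([FromBody] string userName)
{
    var user = await UserManager.FindByNameAsync(userName);
    if (user != null && !await UserManager.IsLockedOutAsync(user.Id))
    {
        // The OTP goes out by SMS only; it is never written to the HTTP response.
        string otp = await UserManager.GenerateTwoFactorTokenAsync(user.Id, "Phone Code");
        await UserManager.NotifyTwoFactorTokenAsync(user.Id, "Phone Code", otp);
    }
    return Ok(); // same answer for known and unknown users
}

[AllowAnonymous]
[HttpPost, Route("ResetPasswordWithOtp")]
public async Task<IHttpActionResult> ResetPasswordWithOtp(ResetWithOtpModel model)
{
    if (!ModelState.IsValid) return BadRequest(ModelState);

    var user = await UserManager.FindByNameAsync(model.UserName);
    if (user == null || await UserManager.IsLockedOutAsync(user.Id))
        return BadRequest("Invalid or expired code.");

    // Server-side check: the SMS code is the proof of identity for this request.
    if (!await UserManager.VerifyTwoFactorTokenAsync(user.Id, "Phone Code", model.Otp))
    {
        await UserManager.AccessFailedAsync(user.Id); // counts toward lockout if enabled
        return BadRequest("Invalid or expired code.");
    }

    string resetToken = await UserManager.GeneratePasswordResetTokenAsync(user.Id);
    IdentityResult result =
        await UserManager.ResetPasswordAsync(user.Id, resetToken, model.NewPassword);
    if (!result.Succeeded) return GetErrorResult(result);

    await UserManager.ResetAccessFailedCountAsync(user.Id);
    return Ok();
}
```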