7

I am trying to ConfirmEmail but each time I get a Invalid token! I am calling the API from a angulaJS app http://www.codeproject.com/Articles/784106/AngularJS-Token-Authentication-using-ASP-NET-Web-A

 // GET: /Account/ConfirmEmail
    [System.Web.Http.HttpGet]
    [System.Web.Http.AllowAnonymous]
    [System.Web.Http.Route("ConfirmEmail")]
    public async Task<IHttpActionResult> ConfirmEmail(string userId, string code)
    {
        var newcode = HttpContext.Current.Server.UrlDecode(code);

        if (userId == null || code == null)
        {
            return BadRequest(ModelState);
        }
        var result = await UserManager.ConfirmEmailAsync(userId, newcode);
        if (result.Succeeded) {
            return Ok(result.Succeeded);
        }
        return GetErrorResult(result);
    }

I ask for a Token in 2 places

1 in Account/Register var result = await UserManager.CreateAsync(user, model.Password);

        if (result.Succeeded)
        {
         //   await SignInManager.SignInAsync(user, isPersistent: false, rememberBrowser: false);

            // For more information on how to enable account confirmation and password reset please visit http://go.microsoft.com/fwlink/?LinkID=320771
            // Send an email with this link

            string callbackUrl = await SendEmailConfirmationTokenAsync(user.Id, "Confirm your account");


            return Ok(result.Succeeded);
        }
            return GetErrorResult(result);
        }

and the other in ResendEmail.

        [System.Web.Http.HttpGet]
    [System.Web.Http.Route("ResendEmail")]
    public async Task<IHttpActionResult> ResendEmail(string email)
    {
        if (ModelState.IsValid)
        {
            var user = await UserManager.FindByNameAsync(ActiveMember.Email);

            if (user.Email == email)
            {

                var callbackUrl = await SendEmailConfirmationTokenAsync(user.Id, "Confirm your Email");

            }
            return Ok();
        }
        // If we got this far, something failed, redisplay form
        return BadRequest(ModelState);
    }

SendEmailConfirmationTokenAsync Helper

        private async Task<string> SendEmailConfirmationTokenAsync(string userId, string subject)
    {
        string host = Request.RequestUri.Host.ToLower();

        string code = await UserManager.GenerateEmailConfirmationTokenAsync(userId);
        string callbackUrl = host + "/#/account/ConfirmEmail?userId=" + userId + "&code=" + HttpContext.Current.Server.UrlEncode(code);
        await UserManager.SendEmailAsync(userId, subject, "Please confirm your account by clicking <a href=\"" + callbackUrl + "\">here</a><p>" + userId + "<p>" + code + "<p>" + callbackUrl);


        return callbackUrl;
    }

And the IdentityCinfig just has

var dataProtectionProvider = options.DataProtectionProvider;
        if (dataProtectionProvider != null)
        {
            manager.UserTokenProvider =
                new DataProtectorTokenProvider<Member>(dataProtectionProvider.Create("Identity"));
           // manager.UserTokenProvider = new EmailTokenProvider<Member, string>();
        }

Is this something that I going wrong?

Thanks for your help.

nafnaf1000
  • 103
  • 1
  • 4

2 Answers2

13

I needed to encode the url and HttpUtilitu.UrlEncode wasn't effective, it replaced the character + with space which caused the token to be invalid.

I have two helper methods

public static string Base64ForUrlEncode(string str)
{
    var encbuff = Encoding.UTF8.GetBytes(str);
    return HttpServerUtility.UrlTokenEncode(encbuff);
}

public static string Base64ForUrlDecode(string str)
{
   var decbuff = HttpServerUtility.UrlTokenDecode(str);
   return decbuff != null ? Encoding.UTF8.GetString(decbuff) : null;
}

usage

Register action 

var code = await UserManager.GenerateEmailConfirmationTokenAsync(user.Id);
            var callbackUrl = string.Format("{0}/#confirm-email?userId={1}&code={2}", "your-web-url", user.Id.ToString(), StringHelper.Base64ForUrlEncode(code));

and the ConfirmEmail action

var result = await UserManager.ConfirmEmailAsync(userId.ConvertToGuid(), StringHelper.Base64ForUrlDecode(code));
Labi
  • 341
  • 4
  • 7
0

UrlTokenEncode is not available in .Net Core. I've adapted @Labi's answer to be a string extension and include UrlTokenEncode methods.

Usage:

var code = (await _userManager.GenerateEmailConfirmationTokenAsync(user)).Base64ForUrlEncode();

public static class StringExtensions
{
    public static string Base64ForUrlEncode(this string str)
    {
        var buffer = Encoding.UTF8.GetBytes(str);
        return UrlTokenEncode(buffer);
    }

    public static string Base64ForUrlDecode(this string str)
    {
        var buffer = UrlTokenDecode(str);
        return buffer != null ? Encoding.UTF8.GetString(buffer) : null;
    }

    private static string UrlTokenEncode(byte[] input)
    {
        if (input == null)
            throw new ArgumentNullException(nameof(input));
        if (input.Length < 1)
            return string.Empty;

        ////////////////////////////////////////////////////////
        // Step 1: Do a Base64 encoding
        var base64String = Convert.ToBase64String(input);
        if (base64String == null)
            return null;

        int endPosition;
        ////////////////////////////////////////////////////////
        // Step 2: Find how many padding chars are present in the end
        for (endPosition = base64String.Length; endPosition > 0; endPosition--)
        {
            if (base64String[endPosition - 1] != '=') // Found a non-padding char!
            {
                break; // Stop here
            }
        }

        ////////////////////////////////////////////////////////
        // Step 3: Create char array to store all non-padding chars,
        //      plus a char to indicate how many padding chars are needed
        var base64Chars = new char[endPosition + 1];
        base64Chars[endPosition] = (char)('0' + base64String.Length - endPosition); // Store a char at the end, to indicate how many padding chars are needed

        ////////////////////////////////////////////////////////
        // Step 3: Copy in the other chars. Transform the "+" to "-", and "/" to "_"
        for (var i = 0; i < endPosition; i++)
        {
            var character = base64String[i];

            switch (character)
            {
                case '+':
                    base64Chars[i] = '-';
                    break;

                case '/':
                    base64Chars[i] = '_';
                    break;

                case '=':
                    Debug.Assert(false);
                    base64Chars[i] = character;
                    break;

                default:
                    base64Chars[i] = character;
                    break;
            }
        }
        return new string(base64Chars);
    }

    private static byte[] UrlTokenDecode(string input)
    {
        if (input == null)
            throw new ArgumentNullException(nameof(input));

        var inputLength = input.Length;
        if (inputLength < 1)
            return new byte[0];

        ///////////////////////////////////////////////////////////////////
        // Step 1: Calculate the number of padding chars to append to this string.
        //         The number of padding chars to append is stored in the last char of the string.
        var paddingCharacters = input[inputLength - 1] - '0';
        if (paddingCharacters < 0 || paddingCharacters > 10)
            return null;


        ///////////////////////////////////////////////////////////////////
        // Step 2: Create array to store the chars (not including the last char)
        //          and the padding chars
        var base64Chars = new char[inputLength - 1 + paddingCharacters];


        ////////////////////////////////////////////////////////
        // Step 3: Copy in the chars. Transform the "-" to "+", and "*" to "/"
        for (var i = 0; i < inputLength - 1; i++)
        {
            var character = input[i];

            switch (character)
            {
                case '-':
                    base64Chars[i] = '+';
                    break;

                case '_':
                    base64Chars[i] = '/';
                    break;

                default:
                    base64Chars[i] = character;
                    break;
            }
        }

        ////////////////////////////////////////////////////////
        // Step 4: Add padding chars
        for (var i = inputLength - 1; i < base64Chars.Length; i++)
        {
            base64Chars[i] = '=';
        }

        // Do the actual conversion
        return Convert.FromBase64CharArray(base64Chars, 0, base64Chars.Length);
    }
}
Eonasdan
  • 7,563
  • 8
  • 55
  • 82