I am using ASP.NET Identity 2.0.

In my business layer (a separate DLL), I am using a UserManager for simple tasks like CreateUser or DeleteUser.

    protected UserManager<User> UserManager
    {
        get
        {
            if (_userManager == null)
            {
                _userManager = new UserManager<User>(UserStore);
            }

            _userManager.UserValidator = new UserValidator<User>(_userManager)
            {
                AllowOnlyAlphanumericUserNames = false,
                RequireUniqueEmail = true
            };

            return _userManager;
        }
    }

Everything is fine so far.

Now I want to generate email confirmation tokens as well:

    public string GenerateEmailConfirmationToken(User user)
    {
        if (user == null)
            return null;

        return UserManager.GenerateEmailConfirmationToken(user.Id);
    }

The above code fails during run-time because my UserManager is lacking a DataProtectionProvider.

My problem: I don't know how to add a DataProtectionProvider to my UserManager.

In an MVC web project, this is a simple task (code taken from IdentityConfig.cs):

    public static ApplicationUserManager Create(IdentityFactoryOptions<ApplicationUserManager> options, IOwinContext context)
    {
        var manager = new ApplicationUserManager(new UserStore<User>(context.Get<ApplicationDbContext>()));
        // Configure validation logic for usernames
        manager.UserValidator = new UserValidator<User>(manager)
        {
            AllowOnlyAlphanumericUserNames = false,
            RequireUniqueEmail = true
        };

        // Configure validation logic for passwords
        manager.PasswordValidator = new PasswordValidator
        {
            RequiredLength = 6,
            RequireNonLetterOrDigit = false,
            RequireDigit = true,
            RequireLowercase = true,
            RequireUppercase = true,
        };

        var dataProtectionProvider = options.DataProtectionProvider;
        if (dataProtectionProvider != null)
        {
            manager.UserTokenProvider = 
                new DataProtectorTokenProvider<User>(dataProtectionProvider.Create("semperplus"));
        }

        return manager;
    }

But the UserManager in my business logic does not know the UserManager from my web project. I guess I could pass down my web project's UserManager to my business layer, but I have a couple of other client projects too (which are not web based). So, I would rather have it the other way: create a UserManager in the business layer and have all other projects use this one.

Does anybody know how to create a DataProtectionProvider in my business layer project?

Ingmar
  • Are you using Dependency Injection framework? – trailmax May 05 '15 at 19:53
  • @trailmax: No, I don't. And I was hoping to get this solved without "fancy" stuff. How about creating a simple custom DataProtectionProvider? I have been researching for this before I posted my question, but I got stuck/didn't understand it. – Ingmar May 06 '15 at 05:13
  • Ok, I think I got what I need (haven't tested it yet though): `var dataProtectionProvider = new DpapiDataProtectionProvider("MyApplication"); _userManager.UserTokenProvider = new DataProtectorTokenProvider<User>(dataProtectionProvider.Create());` – Ingmar May 06 '15 at 07:02
  • DpapiDataProtectionProvider comes from the Microsoft.Owin.Security namespace – Ingmar May 06 '15 at 07:02
  • Have a look at this thread: http://stackoverflow.com/a/23661872/809357 – trailmax May 06 '15 at 08:26
  • @trailmax: Perfect. My DpapiDataProtectionProvider was returning the same token over and over again - and I still have no explanation for this. The link you referred me to: perfect. Now it is working the way I need it. Thank you very much for digging this out!! – Ingmar May 06 '15 at 12:01
  • Here's another link that shows how to persist the token on the user table, and then validate the token later: http://eliot-jones.com/2014/10/asp-identity-2-0-password-reset – Sean Jun 18 '15 at 20:16

0 Answers
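One way to give a business-layer `UserManager` a token provider without OWIN's `IdentityFactoryOptions`, along the lines of the comments above. This is an added example, not code from the original thread; the class name `BusinessUserManagerFactory`, the purpose string and the 24-hour lifespan are assumptions chosen for illustration.

```csharp
using System;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.Owin;
using Microsoft.Owin.Security.DataProtection;

// Hypothetical factory living in the business-layer DLL (name is an assumption).
public static class BusinessUserManagerFactory
{
    // One provider for the whole process. DPAPI-protected data can only be
    // unprotected in the same DPAPI scope (by default the Windows account the
    // process runs as), so every client that issues or validates tokens must
    // run in that scope and use the same application name and purpose.
    private static readonly IDataProtectionProvider Provider =
        new DpapiDataProtectionProvider("MyApplication");

    public static UserManager<TUser> Create<TUser>(IUserStore<TUser> store)
        where TUser : class, IUser<string>
    {
        var manager = new UserManager<TUser>(store);
        manager.UserValidator = new UserValidator<TUser>(manager)
        {
            AllowOnlyAlphanumericUserNames = false,
            RequireUniqueEmail = true
        };

        // The purpose string separates identity tokens from anything else
        // protected with the same provider.
        manager.UserTokenProvider = new DataProtectorTokenProvider<TUser>(
            Provider.Create("EmailConfirmation")) // constructed purpose
        {
            // Confirmation links stop working after this window (constructed value).
            TokenLifespan = TimeSpan.FromHours(24)
        };
        return manager;
    }

    // Issues a token with one manager and validates it with another, which is
    // what happens when different client projects share this factory.
    // Requires a store that also implements IUserEmailStore<TUser>.
    public static bool RoundTrip<TUser>(IUserStore<TUser> store, string userId)
        where TUser : class, IUser<string>
    {
        string token = Create(store).GenerateEmailConfirmationToken(userId);
        return Create(store).ConfirmEmail(userId, token).Succeeded;
    }
}
```

If tokens are issued on one machine or account and validated on another, DPAPI will refuse to unprotect them, so a deployment like that needs a different `IDataProtectionProvider` implementation backed by a shared key.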