6

I created MVC 4 application. In that application If user forgot the password I have method to send an email to user to reset password. I'm using asp.net Identity membership

I'm getting following error message when I deploy this project in web server. Its working perfectly in my localhost mode.

Error Message

Cannot edit this User The data protection operation was unsuccessful. This may have been caused by not having the user profile loaded for the current thread's user context, which may be the case when the thread is impersonating.!

this is the forgot password method

    [AllowAnonymous]
    public ActionResult ForgotPassword()
    {
        return View();
    }            

    [HttpPost]
    [AllowAnonymous]
    [ValidateAntiForgeryToken]
    public async Task<ActionResult> ForgotPassword(ForgotPasswordViewModel model)
    {

        if (model.UserName == null)
        {
            ModelState.AddModelError("", "Please enter the Username");
        }

        if (model.Email == null)
        {
            ModelState.AddModelError("", "Please enter the Email ID");
        }

        if (model.Email == null & model.UserName == null)
        {
            ModelState.AddModelError("", "Please enter the Username and Email ID");
        }

        if(ModelState.IsValid)
        {
            var username = await UserManager.FindByNameAsync(model.UserName);
            var user = await UserManager.FindByEmailAsync(model.Email);



            if (user != null && username != null)
            {
                ApplicationDbContext context = new ApplicationDbContext();
                UserStore<ApplicationUser> store = new UserStore<ApplicationUser>(context);


                var provider = new Microsoft.Owin.Security.DataProtection.DpapiDataProtectionProvider("MyProject"); 
                UserManager.UserTokenProvider = new Microsoft.AspNet.Identity.Owin.DataProtectorTokenProvider<ApplicationUser>(provider.Create("EmailConfirmation"));
                var code = await UserManager.GenerateEmailConfirmationTokenAsync(user.Id);

                System.Net.Mail.MailMessage m = new System.Net.Mail.MailMessage(
                new System.Net.Mail.MailAddress("sample@email.lk", "My Application"),
                new System.Net.Mail.MailAddress(user.Email));
                m.Subject = "Reset your Password";
                m.IsBodyHtml = true;

                m.Body = string.Format("<img src=\"@@IMAGE@@\" alt=\"\"><BR/><BR/>Hi {0},<BR/><BR/>Please click the below link to reset your password. <BR/><BR/> <a href=\"{1}\" title=\"Reset Password\">Reset Password</a>", user.UserName, Url.Action("ResetPassword", "Account", new { UserId = user.Id, code = code }, Request.Url.Scheme)) + string.Format("<BR/><BR/>Regards,<BR/>We Are <BR/>");



                 string attachmentPath = Server.MapPath("~/Images/hec-logo.png");

                string contentID = Path.GetFileName(attachmentPath).Replace(".", "") + "@zofm";

                Attachment inline = new Attachment(attachmentPath);
                inline.ContentDisposition.Inline = true;
                inline.ContentDisposition.DispositionType = DispositionTypeNames.Inline;
                inline.ContentId = contentID;
                inline.ContentType.MediaType = "image/png";
                inline.ContentType.Name = Path.GetFileName(attachmentPath);
                m.Attachments.Add(inline);

                // replace the tag with the correct content ID
                m.Body = m.Body.Replace("@@IMAGE@@", "cid:" + contentID);

                System.Net.Mail.SmtpClient smtp = new System.Net.Mail.SmtpClient("11.11.11.111");
                smtp.Port = 11;
                smtp.Credentials = new System.Net.NetworkCredential("sample@email.lk", "8888888");
                smtp.EnableSsl = false;
                smtp.Send(m);

                // Don't reveal that the user does not exist or is not confirmed

            }



            return View("ForgotPasswordConfirmation");
        }


      else 
      {
            ModelState.AddModelError("", "The Username or Email ID is invalid.");
      }
        // If we got this far, something failed, redisplay form
        return View(model);
    }
LJNielsenDk
  • 1,414
  • 1
  • 16
  • 32
Chathz
  • 723
  • 4
  • 16
  • 41
  • I wonder is it the same issue as [this](http://stackoverflow.com/questions/23455579/generating-reset-password-token-does-not-work-in-azure-website)? Havent' flagged as possible duplicate as I don't know for sure :) – Stephen Byrne Jun 05 '15 at 07:45

1 Answers1

9

I had same issue , then after many research I found out that problem is in IIS deployment

so following this thread I able to fix my issue

The data protection operation was unsuccessful. This may have been caused by not having the user profile loaded for the current thread’s user context, which may be the case when the thread is impersonating.

  • Open your IIS Manager

  • Find out what AppPool your application is using by selecting your App, right-click on it, and Select Manage Application -> Advanced
    Settings.

enter image description here

  • After that, on the top left hand side, select Applications Pools, and go ahead and select the App Pool used by your app.

  • Right-click on it, and select Advanced Settings, Go to the Process Model Section and Find the “Load User Profile” Option and set it to
    true.

enter image description here

Kelum
  • 1,745
  • 5
  • 24
  • 45