0

I'm at my wits end here, I cannot figure out why this function fails to authenticate every time.

I have the following class:

public class UserService : UserManager<AzularisUser>, IUserService
{
    //Some custom methods here
}

Then I try to invoke the following method which is native to UserManager

var result = await _userService.ResetPasswordAsync(user.Id, requestModel.Code, requestModel.Password);

The problem is that this ALWAYS returns false. Now the code that is passed in is correct. I had it sent to my email and I generated it in this way:

await _userService.GeneratePasswordResetTokenAsync(user.Id);

So my biggest problem is that because that I can't debug UserManager to find out where it fails, all I get is a big false. Any suggestions on how I can figure this out?

Bagzli
  • 6,254
  • 17
  • 80
  • 163
  • Have you tried http://stackoverflow.com/a/28747830/11683? – GSerg Feb 11 '17 at 16:41
  • I looked at my reset code, and what I ended up doing was a UserManager.PasswordRemove followed by a UserManager.AddPassword. – Steve Greene Feb 11 '17 at 16:58
  • @GSerg Yes I have seen that post and looked at my security stamps in the database, they have values. Unless I'm not understanding that answer correctly. – Bagzli Feb 11 '17 at 17:56
  • 1
    @SteveGreene but then how do you validate that the user actually owns that email. You need to verify the code. – Bagzli Feb 11 '17 at 17:57
  • @Bagzli what happens if you generate the reset code within the same request as trying to reset the password? I.e. in the same action create code and then use it without sending it anywhere? (not for production, just trying to see the reasons) – trailmax Feb 12 '17 at 00:41
  • @trailmax haven't tried, I'll give it a try in the morning. – Bagzli Feb 12 '17 at 02:20
  • @trailmax I tried what you suggested and the password was reset. If I generate the code and then reset it right away, it works (using the same method) but if I go through my recover page and I pass along exact same information, it fails. – Bagzli Feb 12 '17 at 15:25
  • @trailmax ok this is really weird now because I haven't changed a thing, but all of a sudden it works. It resets the password now and I am wondering if this is time-based somehow? My problem that is. – Bagzli Feb 12 '17 at 15:41
  • @Bagzli looks like your token have been modified in transfer. See this QA: http://stackoverflow.com/q/27535233/809357 – trailmax Feb 12 '17 at 22:13
  • @trailmax That did not resolve my problem as now I'm getting the problem again on the live site and I made sure to UrlEncode the token. – Bagzli Feb 18 '17 at 16:06

0 Answers0