Reset Token Parameter Leads to 404

Question

I am using reactjs + react router + iis

I am trying to do a password reset so my url lookslike

https://www.example.com/forgotPassword/CfDJ8BocAWQJpDVCswirwjHYLWRCG6zZTSxopJgdO3DDm4aO3g3PDFOjmENf6aTbq4qNUF6lMQuOot%2f1e1xZYdkM%2fV9%2bvatM6UBYNBJsZRBuiNnvnX2dPnMv8ANqg56Q2jaCXfVvW4Q%2fwGDDud28NJsFPQIBcb%2bsTnnu%2f22qwfEODpXk4e1BB8VdJWXwzEy8r1F9dq4iptdVEAf5thdUn4lMMpxsKW5r63QLCnn19GPhUcQA

On localhost it works great, on production I get a 404

If I do this on production

https://www.example.com/forgotPassword/1414

Works great as well. So I am guessing it is something with the token, I tried url encoding it as that was a problem.

My route

   <Route exact path="/forgotPassword/:token" component={ResetPasswordComponent} />

for whatever reason something in the token string(if I shorten it down, it works) is making it think that it is a page

edit

if I do this

CfDJ8BocAWQJpDVCswirwjHYLWRCG6zZTSxopJgdO3DDm4aO3g3PDFOjmENf6aTbq4qNUF6lMQuOot

Page loads, it does not like the %2 in the token.

Edit

I am using the MS identity library and I am using this method from the UserManager

userManager.GeneratePasswordResetTokenAsync(employee)

Can you please show how you're handling the token in the router? — Sterling Archer, Jun 26 '19 at 18:44

score 0 · Answer 1 · answered Jul 04 '19 at 08:16

0

Yes, problem is with your token. It happened to me once, when I was using base64encode to create token, and there was some / symbols etc. which were giving me 404 error.

There is an answer about best practices to generate forget password token, you can refer to this to generate your token more safely.

answered Jul 04 '19 at 08:16

Orkhan Huseynli

909
10
13

I don't see any slashes even when I tried an online base64 decoder. The problem is that I am using asp.net identity this is what it generates for me, I am not generating the token myself. – chobo2 Jul 04 '19 at 16:22
What I am trying to say that problem is not with `react-router` and you know this, try different ways of generating the token, maybe generate it by yourself instead of using asp.net identity. – Orkhan Huseynli Jul 04 '19 at 17:20
do you have an example on how to generate it myself? It is hard to find information on identity. – chobo2 Jul 05 '19 at 17:36
Here is [another answer](https://stackoverflow.com/questions/14643735/how-to-generate-a-unique-token-which-expires-after-24-hours). Just don't use `base64` encoding, use something like `md5`. – Orkhan Huseynli Jul 06 '19 at 05:19
Well the problem is I am using asp.net identity core, with this one line of code I get the token: userManager.GeneratePasswordResetTokenAsync(employee) if I don't use it I will have to essentially roll out my own thing what kind of defeats the purpose of using the toolkit. It is written by Microsoft not me. – chobo2 Jul 06 '19 at 18:20
You should write it yourself or read documentation carefully. Problem obviously is not with `react-router` or check .NET's routes or IIS's configuration – Orkhan Huseynli Jul 07 '19 at 05:52

Reset Token Parameter Leads to 404

1 Answers1

Linked