Search code examples
c#asp.net-mvcwcfasp.net-identity-2confirmation-email

Email Confirmation Error Invalid Token AspNet Identity


I have two Web applications, WCF and MVC which share same database. I am using Aspnet Identity 2.0

While registering new user, it creates confirmation token and sends email to the user. Creating token, sending email is mostly done in WCF, verification is done in MVC application.

var code = UserManager.GenerateEmailConfirmationToken(user.Id);
string.Format("{0}/Account/ConfirmEmail?userId={1}&code={2}", WebsiteUrl, 
   HttpUtility.UrlEncode(user.Id), HttpUtility.UrlEncode(codeId));

I am using same Data Protection Provider

In WCF

var provider = new Microsoft.Owin.Security.DataProtection.DpapiDataProtectionProvider("MyTestApplication");
UserManager.UserTokenProvider =
                new Microsoft.AspNet.Identity.Owin.DataProtectorTokenProvider<ApplicationUser>(
                    provider.Create("UserToken"))
                {
                    TokenLifespan = TimeSpan.FromDays(7)
                };

In MVC

var dataProtectionProvider = new Microsoft.Owin.Security.DataProtection.DpapiDataProtectionProvider("MyTestApplication");
manager.UserTokenProvider = new DataProtectorTokenProvider<ApplicationUser>(dataProtectionProvider.Create("UserToken"))
                {
                    TokenLifespan = TimeSpan.FromDays(7)
                };
            }

Source : Make ASP.NET Identity 2.0 Email confirm token work for WCF and MVC

Now to my Problem

  1. Works fine in localhost and qa. Tested ok on SSL in localhost too.

  2. Fails on Production (uses SSL). Generating token from WCF and validating in MVC fails.

  3. Generating and Validating in same Application works.

How is this invalid token error occuring? Has web.config anything to do with it?


Solution

  • Found the problem.

    It was the application pools in IIS. I was using different application pool for WCF and MVC application. Now i put it in same application pool and is working fine.

    Additional Info: For those having same problem and my solution doesn't fix the problem then you might want to try machineKey.

    http://gunaatita.com/blog/Invalid-Token-Error-on-Email-Confirmation-in-Aspnet-Identity/1056

    PS. I almost always find answer myself after i post it on stackoverflow. Thank you.