I have two Web applications, WCF and MVC which share same database. I am using Aspnet Identity 2.0
While registering new user, it creates confirmation token and sends email to the user. Creating token, sending email is mostly done in WCF, verification is done in MVC application.
var code = UserManager.GenerateEmailConfirmationToken(user.Id);
string.Format("{0}/Account/ConfirmEmail?userId={1}&code={2}", WebsiteUrl,
HttpUtility.UrlEncode(user.Id), HttpUtility.UrlEncode(codeId));
I am using same Data Protection Provider
In WCF
var provider = new Microsoft.Owin.Security.DataProtection.DpapiDataProtectionProvider("MyTestApplication");
UserManager.UserTokenProvider =
new Microsoft.AspNet.Identity.Owin.DataProtectorTokenProvider<ApplicationUser>(
provider.Create("UserToken"))
{
TokenLifespan = TimeSpan.FromDays(7)
};
In MVC
var dataProtectionProvider = new Microsoft.Owin.Security.DataProtection.DpapiDataProtectionProvider("MyTestApplication");
manager.UserTokenProvider = new DataProtectorTokenProvider<ApplicationUser>(dataProtectionProvider.Create("UserToken"))
{
TokenLifespan = TimeSpan.FromDays(7)
};
}
Source : Make ASP.NET Identity 2.0 Email confirm token work for WCF and MVC
Now to my Problem
Works fine in localhost and qa. Tested ok on SSL in localhost too.
Fails on Production (uses SSL). Generating token from WCF and validating in MVC fails.
How is this invalid token
error occuring? Has web.config
anything to do with it?
Found the problem.
It was the application pools in IIS. I was using different application pool for WCF and MVC application. Now i put it in same application pool and is working fine.
Additional Info: For those having same problem and my solution doesn't fix the problem then you might want to try machineKey
.
http://gunaatita.com/blog/Invalid-Token-Error-on-Email-Confirmation-in-Aspnet-Identity/1056
PS. I almost always find answer myself after i post it on stackoverflow. Thank you.