Search code examples
c#phpcurlasp.net-web-apiasp.net-identity-2

Asp.NET - Identity 2 - Invalid Token Error - Php

I'm using Asp.Net-Identity-2 and I developed the verification email flow.

Everything is working well on my local environment but as soon as I deploy the code to my server and I test the same scenario (that is working on my local) on my server, it says "Invalid Token".

Scenario

  • Change email
  • Receive e-mail
  • Click on the link "Verify email"
  • Redirected to webpage
  • A message pop up saying "Invalid Token"

I already check all the possible mistakes that are in this question and I have everything right, that's why is working perfectly on my local. Has to be something with the server. I thought the date of the server could affect but I put on sync the date of my Database Server and my Web server and it's still failing.

I am using GenerateEmailConfirmationTokenAsync to generate the token and using ConfirmEmailAsync to confirm the token. I am really executing this methods because I put logs for this so I can be sure of it (When you don't know what happens you have to be sure of everything right?)

I already encode/decode the url so the token doesn't get corrupted. I am sure of this because I put logs and run the code in the server and checked couple of times.

The user has a security stamp in the database, so it's not that

The TokenLifeSpan is 8 days. So it's not that.

I even tried the AllowOnlyAlphanumericUserNames property = false in UserValidator and even the UniqueEmail = false

userManager.UserValidator = new UserValidator<User>(userManager) { AllowOnlyAlphanumericUserNames = false, UniqueEmail = false };

Code to generate the token

ApplicationUserManager.GenerateEmailConfirmationTokenAsync(userId);

Code to confirm the token

ApplicationUserManager.ConfirmEmailAsync(subject, token);

Any idea?

Update

It was working on the server/local with all the clients but not with the Php client and the Php client was doing extra work which was changing the Security stamp hence the problem.

As the only client on the server was in Php, I thought that something was wrong with the server and not with my local environment. After installing the whole environment (with php client) in my local and debug, I found out the problem. Please read the answer below.

Solution

  • Well, the error was caused by a code that was being execute after the token generation. This code was changing the SecurityStamp of the user in the database.

    As the Asp.Net Identity 2 uses the the Security Stamp to generate and validate the token and it was changed after the generation of the token, the token was always invalid.

    Thanks!