I created a Web Forms 4.5.2 test application. This is a two-part question.
(1) I see that Microsoft.AspNet.Identity.Core is installed. Is this version compatible with Web Forms or only with ASP.NET Core apps?
(2) When trying to get the reset password form working, I was getting a unhelpful generic error message, so I debugged the following out-of-the-box code:
protected void Reset_Click(object sender, EventArgs e)
{
string code = IdentityHelper.GetCodeFromRequest(Request);
if (code != null)
{
var manager = Context.GetOwinContext().GetUserManager<ApplicationUserManager>();
var user = manager.FindByName(Email.Text);
if (user == null)
{
ErrorMessage.Text = "No user found";
return;
}
var result = manager.ResetPassword(user.Id, code, Password.Text);
if (result.Succeeded)
{
Response.Redirect("~/Account/ResetPasswordConfirmation");
return;
}
ErrorMessage.Text = result.Errors.FirstOrDefault();
return;
}
ErrorMessage.Text = "An error has occurred";
return;
}
}
IdentityHelper.GetCodeFromRequest(Request) is returning null. In the IdentityModels.cs class I see the following:
public const string CodeKey = "code";
public static string GetCodeFromRequest(HttpRequest request)
{
return request.QueryString[CodeKey];
}
I would have expected this to work out of the box? Since there is no query parameter generated, am I to assume that we are supposed to code this ourselves? Is the CodeKey query parameter even needed here or is there another way to get the token expected by the ResetPassword method?
yes its compatible.
the "code" is generated in Forgot.aspx.cs:
string code = manager.GeneratePasswordResetToken(user.Id);
//(out of the box its commented out)
and sent via email without the code everybody would be able to reset.