I am looking for an alternative to DpapiDataProtectionProvider because this uses machine key and a user requests to reset the password from other application rather than the main MVC product, the token is always invalid.
I have got an ASP.net MVC application and an API application. They are both using the same token provider passwords like this:
var provider = new DpapiDataProtectionProvider("MyWeb");
appManager.UserTokenProvider = new DataProtectorTokenProvider<ApplicationUser>(provider.Create("MyWebToken"));
DpapiDataProtectionProvider relies on machine key, so the token is invalid when using a link from an email. What alternative could I use?
Thanks
For anyone with the same problems, I ended up using MachineKeyProtectionProvider like this solution offered here and I included this line in the startUp:
app.SetDataProtectionProvider(new MachineKeyProtectionProvider());
and I added machine key in web.config files.