Search code examples
c#asp.net-core-mvcasp.net-identity.net-5reset-password

Resetting password isn't working when it's called from a sent email net core identity

Using .net 5 in an mvc application I scaffolded Identity and the code for resetting the password in ResetPassword page is working well and here is the code:

 var code = await _userManager.GeneratePasswordResetTokenAsync(user);
            code = WebEncoders.Base64UrlEncode(Encoding.UTF8.GetBytes(code));
            var callbackUrl = Url.Page(
                "/Account/ResetPassword",
                pageHandler: null,
                values: new { area = "Identity", code },
                protocol: Request.Scheme);

            await _emailSender.SendEmailAsync(
                Input.Email,
                "Reset Password",
                $"Please reset your password by <a href='{HtmlEncoder.Default.Encode(callbackUrl)}'>clicking here</a>.");

            return RedirectToPage("./ForgotPasswordConfirmation");

but what I'm doing is when registering a new user the application generates a custom made random password and sends it to the user and then and tells the user to click here to reset the password. when clicking on the link it takes the user to an almost empty page with only one sentence :"A code for reset password must be implemented" as shown in the picture below.

here is the code from the register page :

  var code = await _userManager.GenerateEmailConfirmationTokenAsync(user);
                code = WebEncoders.Base64UrlEncode(Encoding.UTF8.GetBytes(code));
                var callbackUrl = Url.Page(
                    "/Account/ConfirmEmail",
                    pageHandler: null,
                    values: new { area = "Identity", userId = user.Id, code = code, returnUrl = returnUrl },
                    protocol: Request.Scheme);
                
                var passwordToken = await _userManager.GeneratePasswordResetTokenAsync(user);
                passwordToken = WebEncoders.Base64UrlEncode(Encoding.UTF8.GetBytes(passwordToken));
                var resetPasswordCallbackUrl = Url.Page(
                    "/Account/ResetPassword",
                    pageHandler: null,
                    values: new { area = "Identity", passwordToken },
                    protocol: Request.Scheme);

                await _emailSender.SendEmailAsync(
                    Input.Email,
                    $"You have been registered in bla bla",
                   $"<p> your password is </p><p>\"{Input.Password}\"</p>\n to change it please click<a href ='{HtmlEncoder.Default.Encode(resetPasswordCallbackUrl)}'>here </a>");

                await _emailSender.SendEmailAsync(Input.Email, "please confirm your email",
                    $"please confirm your email by clicking <a href='{HtmlEncoder.Default.Encode(callbackUrl)}'>here</a>.");

                return LocalRedirect(returnUrl);

the email confirm mail is working perfectly but the reset password link is showing this

how can I fix this ?

Solution

  • Try to change the variable name passwordToken to code