I'm using Web API and ASP.NET Identity to perform user-related operations. I'm trying to reset the password with a token generated by the GeneratePasswordResetTokenAsync method, but I'm getting the error "Invalid Token". Note: I'm facing this error when using Kubernetes with multiple instances (pods) of the application. However, when running locally, it works fine.

    private static UserManager<IdentityUser> _userManager;

    public async Task<IActionResult> ForgotPassword(string email)
    {
        var user = await _userManager.FindByEmailAsync(email);
        // The token is protected with this instance's Data Protection keys
        var resetToken = await _userManager.GeneratePasswordResetTokenAsync(user);
        var result = await SendForgotPasswordLinkEmail(email, resetToken);
        if (result)
            return Ok(result);
        else
            return BadRequest(result);
    }

    // ResetPasswordModel is a placeholder type name; model contains all necessary values
    public async Task<IActionResult> ResetPassword(ResetPasswordModel model)
    {
        var user = await _userManager.FindByEmailAsync(model.Email);
        // Fails with "Invalid Token" when this instance cannot unprotect the token
        var check = await _userManager.ResetPasswordAsync(user, model.ResetPasswordToken, model.Password);
        return check.Succeeded ? Ok() : BadRequest(check.Errors);
    }

Thanks @Machado for your reference: Here's a link
The problem is that each instance has its own memory where the data is stored, and we can't ensure that the same instance that created the reset token will handle the password change. Because of that, it leads to mismatches.
To solve this issue, we need to create a store point where each instance can share the data for communication, which prevents data mismatch. More info about this is in the link.
Another workaround:
You can create your own salt key for the user, and with that you can confirm the user to reset the password; resetting can be done by using
(Note: vulnerability is inversely proportional to your salt key encryption)
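
One way to set up the shared store described in the answer above, as an added example that is not part of the original question or answer. It assumes the shared data is the ASP.NET Core Data Protection key ring, which Identity's default token provider uses to protect reset tokens, and a .NET 6+ minimal-hosting `Program.cs` with implicit usings; the application name, paths and configuration keys are placeholders.

```csharp
// Program.cs (added example; every name, path and config key here is an assumption)
using System.Security.Cryptography.X509Certificates;
using Microsoft.AspNetCore.DataProtection;

var builder = WebApplication.CreateBuilder(args);

// Assumed: one volume mounted read-write at the same path in every pod.
// Without this, each pod creates its own key ring, so a token protected by
// pod A cannot be unprotected by pod B and ResetPasswordAsync reports
// "Invalid Token".
var keyRingDir = new DirectoryInfo(
    builder.Configuration["DataProtection:KeyRingPath"] ?? "/var/dpkeys");

// Assumed: a PFX with private key mounted from a Kubernetes Secret. It
// encrypts the key ring at rest, so read access to the shared volume alone
// is not enough to forge or decrypt reset tokens.
var keyEncryptionCert = new X509Certificate2(
    builder.Configuration["DataProtection:CertPath"] ?? "/var/dpcert/dp.pfx",
    builder.Configuration["DataProtection:CertPassword"]);

builder.Services.AddDataProtection()
    // Pin the application discriminator so all pods share one isolation
    // scope regardless of where the app is installed in the container.
    .SetApplicationName("my-identity-api")
    // Every pod reads and writes the same key ring.
    .PersistKeysToFileSystem(keyRingDir)
    // Keys are written to the volume encrypted with the certificate.
    .ProtectKeysWithCertificate(keyEncryptionCert);

// The application's existing Identity registration (user store plus
// AddDefaultTokenProviders) stays unchanged; the default provider picks up
// the Data Protection configuration above.

builder.Services.AddControllers();

var app = builder.Build();
app.MapControllers();
app.Run();
```

Restrict the volume and the certificate Secret to the application's pods only, since anyone holding both can mint valid reset tokens.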