ASP.NET MVC 5 Default WebApp Forgot Password module missing?

Question

In MVC 4 with SimpleMembership all these functions come with the default webbapp that you create in Visual Studio.

I was wondering where I can find the same for MVC 5 using the new ASP.NET Identity membership system? Is there some official blog or something that is beeing hidden from me in google search results?

UPDATE1: http://blogs.msdn.com/b/webdev/archive/2013/12/20/announcing-preview-of-microsoft-aspnet-identity-2-0-0-alpha1.aspx

UPDATE2: ASP.NET Identity 2.0 RTM has been released. Forgot Password is included in the samples/templates. http://blogs.msdn.com/b/webdev/archive/2014/03/20/test-announcing-rtm-of-asp-net-identity-2-0-0.aspx

Answer 1

We are working on adding these features to the ASP.NET Identity system and the MVC 5 templates.

Answer 2

I ran into this as well. To fix it, I created some controller actions in AccountController.cs (and corresponding views) to handle it.

Here are the actual lines that reset the user's password:

[AllowAnonymous]
[HttpPost]
public ActionResult ResetForgottenPassword(string key, ManageUserViewModel model)
{
    var user = db.Users.SingleOrDefault(u => u.ForgotPasswordCode != null && u.ForgotPasswordCode == key);

    if (user == null || !user.ForgotPasswordDate.HasValue || user.ForgotPasswordDate.Value.AddDays(1) < DateTime.UtcNow)
            return new HttpUnauthorizedResult();

    ModelState state = ModelState["OldPassword"];
    if (state != null)
    {
        state.Errors.Clear();
    }

    if (ModelState.IsValid)
    {
        if (UserManager.HasPassword(user.Id))
            UserManager.RemovePassword(user.Id);

        IdentityResult result = UserManager.AddPassword(user.Id, model.NewPassword);

        if (result.Succeeded)
        {
            //Clear forgot password temp key
            user.ForgotPasswordCode = null;
            user.ForgotPasswordDate = null;
            db.SaveChanges();

            //Sign them in
            var identity = UserManager.CreateIdentity(user, DefaultAuthenticationTypes.ApplicationCookie);
            AuthenticationManager.SignIn(new AuthenticationProperties() { IsPersistent = false }, identity);

            return RedirectToAction("Manage", new { Message = ManageMessageId.SetPasswordSuccess });
        }
        else
        {
            AddErrors(result);
        }
    }

    ViewBag.ForgotPasswordCode = key;

    return View(model);
}

Some custom items are the new fields on the user object:

• ForgotPasswordCode and ForgotPasswordDate to keep track of the user throughout the "reset password email" process.
• I pass the key around in in the ViewBag once the user arrives from the email link.
• The db variable is a property of my database context class inherited from a base controller.
• I use UTC DateTimes in my database. Change DateTime.UtcNow to DateTime.Now if you do not.

Probably not the best solution, but it's a fairly quick and simple patch.

Answer 3

You can build a reset password by yourself (not sure that is the better choice, but is better than nothing)

Generate the hash with:

var newPwdHash = new PasswordHasher().HashPassword(newPasswordPlain)

And replace to the user's passwordhash property

Answer 4

If you cannot wait for the ASP.NET Identity Team to add this feature you can get an implementation of password reset from the open source project SimpleSecurity. Just take a look at the ResetPassword action on the AccountController. You can read about how the password reset was implemented here. Although the article references SimpleMembership, SimpleSecurity uses the same API to support either SimpleMembership or ASP.NET Identity in your MVC application.