12

I'm looking to send the user an SMS when resetting their password. I already have the facilities to send an SMS, I just need a guide on how to set it up with Identity 2.0. I can't seem to find any useful info online, the reference code itself isn't properly commented either.

I want to generate a security code, send it to the user, he must then input it into a form and then be allowed to reset his/her password. Can anyone direct me to a guide/tutorial that explains this process?

Swifty
  • Review 'Two Factor Authentication'. Default template has two providers registered in "IdentityConfig.cs" – jd4u Jun 03 '14 at 08:03
  • 5
    He's talking about resetting the password, not two factor authentication. The generated tokens for resetting the password are way too long to ask a user to type in. There is nothing in any tutorial or template I've found so far that shows a process for using SMS for password reset. – Precious Roy Jul 18 '14 at 12:48

1 Answer

6

After digging in the Identity source code, I found an alternative token provider that can generate tokens similar to phone number confirmation (six digits).

I had to implement two methods in my UserManager to generate the code and then to validate it.

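I declared the token provider inside the UserManager:

```csharp
// Field on the custom UserManager<User, string> subclass (namespace Microsoft.AspNet.Identity).
private TotpSecurityStampBasedTokenProvider<User, string> smsResetTokenProvider = new TotpSecurityStampBasedTokenProvider<User, string>();
```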

This is the first method to generate the code:

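```csharp
// Generates the short numeric code (derived from the user's security stamp) to send by SMS.
public async Task<string> GenerateSMSPasswordResetToken(string userId)
{
    var user = await base.FindByIdAsync(userId);
    if (user == null)
    {
        // Fail explicitly instead of hitting a NullReferenceException inside the provider.
        throw new System.InvalidOperationException("User not found.");
    }
    var token = await smsResetTokenProvider.GenerateAsync("Reset Password", this, user);
    return token;
}
```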

This is the second method to validate the code:

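```csharp
// Validates the SMS code and, if it is valid, sets the new password.
public async Task<IdentityResult> SMSPasswordResetAsync(string userId, string token, string newPassword)
{
    var user = await base.FindByIdAsync(userId);
    if (user == null)
    {
        // Unknown user: return the same failure as a wrong code.
        return IdentityResult.Failed("InvalidToken");
    }

    // The purpose string must match the one used when the code was generated.
    var valid = await smsResetTokenProvider.ValidateAsync("Reset Password", token, this, user);
    if (valid)
    {
        var passwordStore = Store as IUserPasswordStore<User, string>;

        // Runs the password validator and stores the new hash.
        var result = await UpdatePassword(passwordStore, user, newPassword);
        if (!result.Succeeded)
        {
            return result;
        }
        // Persist the changed user.
        return await UpdateAsync(user);
    }
    else
    {
        return IdentityResult.Failed("InvalidToken");
    }
}
```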

You may need to tweak the code depending on your user manager.

Souhaieb Besbes
  • Can you see my question please: `https://stackoverflow.com/questions/44243574/how-use-totpsecuritystampbasedtokenprovider-in-asp-net-identity-4` – pmn May 29 '17 at 13:27
  • Your answer is the most accurate to this question but I'm getting this exception: ``Unable to resolve service for type 'Microsoft.AspNetCore.Identity.TotpSecurityStampBasedTokenProvider`1`` while attempting to activate the controller. My implementation is: `private readonly TotpSecurityStampBasedTokenProvider _smsProvider;` – Dev Mar 02 '20 at 00:40
  • Perfect answer. – Junaid Sep 06 '22 at 15:36
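
A six-digit code has only one million possible values, so the validation step in the answer above should bound the number of wrong guesses per account. The following is an added example, not part of the original answer or of ASP.NET Identity itself: it reuses the answer's `User` type and provider field, the method name `SMSPasswordResetWithLockoutAsync` is hypothetical, and it assumes the user store implements `IUserLockoutStore` with lockout enabled for the user.

```csharp
// Added example (not from the original answer). Assumes the answer's `User` type and
// that lockout is configured on the manager: UserLockoutEnabledByDefault,
// MaxFailedAccessAttemptsBeforeLockout and DefaultAccountLockoutTimeSpan.
using System.Threading.Tasks;
using Microsoft.AspNet.Identity;

public class ApplicationUserManager : UserManager<User, string>
{
    private const string Purpose = "Reset Password";

    private readonly TotpSecurityStampBasedTokenProvider<User, string> smsResetTokenProvider =
        new TotpSecurityStampBasedTokenProvider<User, string>();

    public ApplicationUserManager(IUserStore<User, string> store) : base(store) { }

    // Hypothetical name: the answer's validation method with attempt limiting added.
    public async Task<IdentityResult> SMSPasswordResetWithLockoutAsync(
        string userId, string token, string newPassword)
    {
        var user = await FindByIdAsync(userId);

        // Unknown user, locked-out user and wrong code all return the same failure,
        // so the response does not reveal which case occurred.
        if (user == null || await IsLockedOutAsync(user.Id))
            return IdentityResult.Failed("InvalidToken");

        var valid = await smsResetTokenProvider.ValidateAsync(Purpose, token, this, user);
        if (!valid)
        {
            // Count the wrong guess; Identity locks the account once the
            // configured maximum number of failures is reached.
            await AccessFailedAsync(user.Id);
            return IdentityResult.Failed("InvalidToken");
        }

        var passwordStore = Store as IUserPasswordStore<User, string>;
        var result = await UpdatePassword(passwordStore, user, newPassword);
        if (!result.Succeeded)
            return result;

        result = await UpdateAsync(user);
        if (result.Succeeded)
            await ResetAccessFailedCountAsync(user.Id); // clear the counter after a good reset
        return result;
    }
}
```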