2

I need to create users in ASP.Net Core without providing the passowrd as it will reset by the user itself after receiving the confirmation email with temporary credentials.

Years ago, I did something similar using MVC4 by generating automatically a password and then by adding the user in the DB and then sending a new user confirmation email:

                String password = Membership.GeneratePassword(10, 3);

                WebSecurity.CreateUserAndAccount(model.UserName, password, new { Organization = model.SelectedOrganization, Email = model.Email });
                Roles.AddUserToRole(model.UserName, model.SelectedRole);
                IDictionary<string, string> data = new Dictionary<string, string>();
                data.Add("name", model.UserName);

                data.Add("password", password);                   
                String subject = String.Format("\"{0}\" - You can now connect to Web Tagging Data System ", model.UserName);
                String body = new TemplatingService().GetTemplatedDocument("NewUserEmail.vm", data);
                new EmailServices().SendEmail(subject, body, model.Email);
                MessageModel messageModel = new MessageModel();
                messageModel.Body = "An email has been sent to this user with its credentials";
                return View("Message", messageModel);

How would you do something similar with ASP.Net Core identity?

Thank you

Sylvain

Sylvain C.
  • 1,043
  • 1
  • 11
  • 27

1 Answers1

0

Something like this, I wrote it out real quick so I may have missed something.

It's pretty self-explanatory, let me know if you don't understand something.

[HttpPost]
public async Task<IActionResult> CreateAccount(CreateUser model)
{
    var user = new User
    {
        Email = model.Email,
        Username = model.Email
    }

    var identityResult = await _userManager.CreateAsync(user);

    if (identityResult.Succeeded)
    {
        var token = await _userManager.GenerateEmailConfirmationTokenAsync(user);
        var emailResult = await _mailService.SendMailAsync("Click here to confirm your account.", token);

        if (emailResult)
        {
            return Ok();
        }

        return StatusCode(500);
    } 

    return BadRequest();
}

[HttpPost]
public async Task<IActionResult> ConfirmAccount(ConfirmUser model)
{
    var user = _userManager.FindByIdAsync(model.UserId);
    if (user == null) return BadRequest();

    var emailResult = await _userManager.ConfirmEmailAsync(user, model.token);

    if (emailResult.Succeeded)
    {
        var identityResult = await _userManager.AddPasswordAsync(user, model.Password);

        if (identityResult.Succeeded) return Ok();
    }

    return BadRequest();
}
Travis Boatman
  • 2,252
  • 16
  • 31
  • 3
    The OP is asking how to generate a password like they did with `Membership.GeneratePassword` in MVC4. Nowhere does your code come close to generating anything – ProfK Apr 24 '18 at 10:59
  • Then refer to https://stackoverflow.com/questions/38995379/alternative-to-system-web-security-membership-generatepassword-in-aspnetcore-ne – Travis Boatman Apr 25 '18 at 08:42
  • 2
    The only proper approach. Pre-generating passwords and forcing people to copy-paste them from email is just a bad-bad UX and needs to be redesigned. Hard to understand why 3 people downvoted. Looks like they can't read the question -- only the last sentence. @ProfK you are one of those. – d_f Sep 09 '20 at 21:07