So, I've been reading the docs and I'm trying to make my site on a web farm. I've searched a lot of articles and it seems like setting the keyring to a common network path should be all that is required to get the data protection to work. In my case, I'm persisting it to Azure.

Now, authentication is working fine, but I'm always getting the Invalid Token error when a user tries to reset his password (when the link is generated on one machine and verified on another).

EDIT: added code for generating the link and verifying the token.

Btw, here's the code used for generating the reset link with the token:

var code = await _userManager.GeneratePasswordResetTokenAsync(user);
await _emailSender.SendPasswordResetAsync(user,
                                          User.IsAuthenticated(),
                                          Url.Link("default",
                                                   new {
                                                       Controller = "Account",
                                                       Action = "ResetPasswordEmail",
                                                       token = code,
                                                       email = user.Email
                                                   }),
                                          _dbContext.Database.GetDbConnection(),
                                          CancellationToken.None);

And here's how it's validated:

var validToken = await _userManager.VerifyUserTokenAsync(user,
                                                         "Default",
                                                         "ResetPassword",
                                                         token);

Any ideas on what's going on?

Thanks.

Luis Abreu
  • How are you generating the token? Are you perhaps URL encoding/decoding it incorrectly? _when the link is generated on one machine and verified on another_ - so it works when you generate and verify it on the same machine? – Xerillio Oct 08 '20 at 16:21
  • Yes, when it's sent to the same machine, verification works out as expected... I'll add some code when I get back to my machine – Luis Abreu Oct 08 '20 at 16:50
  • Hello again. I've added the code used for generating and checking the token. _userManager references a valid UserManager instance. – Luis Abreu Oct 08 '20 at 19:41

1 Answer

Ok, as always, the problem was between the chair and the keyboard...

The problem was that the keyring was set up to use Azure inside an #if RELEASE condition which wasn't set up on the publish pipeline...

Bottom line: sharing the keyring is all that was needed to get everything up and running...

Luis Abreu
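The failure mode described in the answer, with one way to make it fail loudly at startup instead of surfacing later as Invalid Token. This is an added example, not the poster's code. It assumes Azure Blob Storage through the Azure.Extensions.AspNetCore.DataProtection.Blobs package; the class name, configuration key, container, blob and application names are hypothetical.

```csharp
using System;
using System.Linq;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.AspNetCore.DataProtection.KeyManagement;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;

public static class SharedKeyRingSetup // hypothetical helper, not from the post
{
    // Failure mode from the answer: if the publish build does not define
    // RELEASE, this block compiles to nothing and every node silently falls
    // back to its own local key ring:
    //
    //   #if RELEASE
    //       services.AddDataProtection().PersistKeysToAzureBlobStorage(...);
    //   #endif
    //
    // Hardened form: driven by configuration, never by a compile symbol.
    public static void AddSharedKeyRing(this IServiceCollection services, IConfiguration config)
    {
        // Assumed configuration key; refuse to start rather than skip the setup.
        var conn = config["DataProtection:BlobConnectionString"]
            ?? throw new InvalidOperationException("Shared key ring connection string is missing.");

        services.AddDataProtection()
            // Same name on every node: the default discriminator comes from
            // the content root path, which can differ between machines.
            .SetApplicationName("MySite")
            // Assumed container and blob names; the container must already exist.
            .PersistKeysToAzureBlobStorage(conn, "dataprotection", "keys.xml");
    }

    // Call once after the host is built, before serving requests.
    public static void VerifySharedKeyRing(IServiceProvider sp)
    {
        var options = sp.GetRequiredService<IOptions<KeyManagementOptions>>().Value;
        if (options.XmlRepository is null) // null means the per-machine default is in use
            throw new InvalidOperationException("Data protection is using the default per-machine key repository.");

        // Key ids are not secret; identical ids in every node's log confirm one shared ring.
        var keyIds = sp.GetRequiredService<IKeyManager>().GetAllKeys().Select(k => k.KeyId);
        sp.GetRequiredService<ILoggerFactory>().CreateLogger("DataProtection")
          .LogInformation("Key repository {Repo}; key ids: {Keys}",
              options.XmlRepository.GetType().Name, string.Join(", ", keyIds));
    }
}
```

Comparing the logged key ids across nodes after a deployment shows whether they really read the same key ring.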