How to implement a TokenProvider in ASP.NET Identity 1.1 nightly build?
Solution 1
The default token provider implementation is found in the Microsoft.Identity.Owin
package:
/// <summary>
/// Token provider that uses a DataProtector to generate encrypted tokens
/// </summary>
public class DataProtectorTokenProvider : ITokenProvider {
public DataProtectorTokenProvider(IDataProtector protector)
And you do something like this to wire one up using the default data protection provider from your OWIN IAppBuilder
IDataProtectionProvider provider = app.GetDataProtectionProvider();
if (provider != null)
{
manager.PasswordResetTokens = new DataProtectorTokenProvider(provider.Create("PasswordReset"));
manager.UserConfirmationTokens = new DataProtectorTokenProvider(provider.Create("ConfirmUser"));
}
Solution 2
If someone looking for solution under AspNet.Identity 2.0 beta1 version.
Only this need to be modified.
UserManager.UserTokenProvider = new DataProtectorTokenProvider
<SecurityUser, string>(provider.Create("UserToken"))
as IUserTokenProvider<SecurityUser, string>;
PasswordResetTokens
and UserConfirmationTokens
is merged into UserTokenProvider
property and token provider class is also modified.
Solution 3
Another way to do this (building on the other answers but simplifying it some) is to change Startup.Auth.cs
so it looks similar to this:
public partial class Startup
{
internal static IDataProtectionProvider DataProtectionProvider { get; private set; }
public void ConfigureAuth(IAppBuilder app)
{
DataProtectionProvider = app.GetDataProtectionProvider();
}
}
Then, modify the default constructor in AccountController.cs
so that it looks similar to this:
public AccountController()
: this(new UserManager<ApplicationUser>(new UserStore<ApplicationUser>(new ApplicationDbContext())))
{
if (Startup.DataProtectionProvider != null)
{
this.UserManager.PasswordResetTokens = new DataProtectorTokenProvider(Startup.DataProtectionProvider.Create("PasswordReset"));
this.UserManager.UserConfirmationTokens = new DataProtectorTokenProvider(Startup.DataProtectionProvider.Create("ConfirmUser"));
}
}
Solution 4
Ok, answering my own question based on @hao-kung reply. First add static constructor and UserManagerFactory to Statrup class (startup.auth.cs)
public partial class Startup
{
static Startup()
{
UserManagerFactory = () => new UserManager<IdentityUser>(new UserStore<IdentityUser>());
}
public static Func<UserManager<IdentityUser>> UserManagerFactory { get; set; }
public void ConfigureAuth(IAppBuilder app)
{
var manager = UserManagerFactory();
IDataProtectionProvider provider = app.GetDataProtectionProvider();
if (provider != null)
{
manager.PasswordResetTokens = new DataProtectorTokenProvider(provider.Create("PasswordReset"));
manager.UserConfirmationTokens = new DataProtectorTokenProvider(provider.Create("ConfirmUser"));
}
app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
}
}
Then init UserManager in the AccountController using that UserManagerFactory
public AccountController() : this(Startup.UserManagerFactory())
{
}
public AccountController(UserManager<IdentityUser> userManager)
{
UserManager = userManager;
}
public UserManager<IdentityUser> UserManager { get; private set; }
graycrow
Updated on July 09, 2022Comments
-
graycrow almost 2 years
I'm trying to implement password reset functionality with nightly build of ASP.NET Identity 1.1. There is a UserManager.GetPasswordResetToken method, but it throws an exception "No ITokenProvider is registered". Is there an built in token provider in ASP.NET Identity? If yes, how I can register it? If no, how I can implement one? Will be default Token Provider in the 1.1. release? And final question, is there an estimated 1.1 release date?
-
graycrow over 10 yearsThank you, looks promising. Just one question: how can I access IAppBuilder app from the place where I initializing UserManager (for example, from AccountController)?
-
Scott Dorman over 10 yearsWhich nightly build is this in? I'm using the 1.1.0-alpha1-131024 (Prerelease) packages and I don't see a
GetDataProtectionProvider
method. If there is a default token provider why aren't thePasswordResetTokens
andUserConfirmationTokens
properties already initialized with it so we don't have to jump through these hoops to be able to use them? Unless you need to change something about how the tokens are generated, this should "just work" out of the box without any extra work required or (to me at least) there isn't really a point in creating a default provider. -
Hao Kung over 10 yearsSo the reason they are not part of Identity.Core and live in Identity.Owin is that Core cannot depend on Owin, and the default implementation comes from Owin. GetDataProtectionProvider lives in Microsoft.Owin.Security.DataProtection as an extension method off of IAppBuilder I believe.
-
Scott Dorman over 10 yearsFound the method in the namespace you specified. I still think all of this should already be initialized out of the box. I shouldn't have to set any of this up unless I want to change how the token providers work.
-
PussInBoots about 10 yearsIt appears that for the account confirmation / forgot password features in ASP.NET Identity 2.0 alpha you need to redesign all of your initialization code for UserManager etc. Just take a look in this sample MVC app aspnet.codeplex.com/SourceControl/latest Samples->Identity->Identity-PasswordPolicy and compare it to a default RTM MVC 5 app and you will see the difference. There is a huge difference in the initialization stuff (check Startup.Auth.cs for instance) and will have a big impact on any MVC application using ASP.NET Identity 1.0 (current RTM). Not so good!
-
Hao Kung about 10 yearsIn general the old 1.0 style will work as well, our prescriptive guidance and default samples will just be doing things differently since some of the new 2.0 features require the initialization.
-
Pit Digger about 10 yearsWhere does DataProtectorTokenProvider come from ?
-
Vikash Kumar about 10 yearsIt comes from
Microsoft.AspNet.Identity.Owin
namespace. -
Pit Digger about 10 yearsNope its not there in it .
-
Vikash Kumar about 10 yearsI am not sure which version are you using. You can look this class link
-
masterwok almost 10 yearsHow would someone set the TokenLifespan to be different if both PasswordResetTokens and UserConfirmation tokens are merged into UserTokenProvider?
-
Vikash Kumar almost 10 yearsNot sure if this facility is available. Codeplex
-
heymega almost 10 years@jtsan The Token lifespan is a public property so you can set it before each call. new DataProtectorTokenProvider<ApplicationUser>(dataProtectionProvider.Create("ASP.NET Identity")){ TokenLifespan = new TimeSpan() };
-
ManirajSS over 8 yearswhat is
GetDataProtectionProvider()
method ?