i have 2 servers using same asp.net core identity backend. generate password reset token following:
var token = await _usermanager.generatepasswordresettokenasync(applicationuser); i send token via email link. when user clicks link, taken separate site should provide ui change password. following code handles user's password submission of both token , new password:
var identityresult = await _usermanager.resetpasswordasync(applicationuser, code, password); on second server, identity result returns false because "invalid token".
looking through source, see token generated using ip address (so understand why token validation failed).
my question how enable successful token creation/validation across different machines? in previous forms of asp.net, use shared machine key prevent these scenarios. asp.net core doesn't seem have similar concept. i've read, seems might scenario use dataprotection api. unfortunately, haven't seen examples how apply generating reset token.
have tried setting application name same value in both applications?
services.adddataprotection().setapplicationname("same both apps"); https://docs.microsoft.com/en-us/aspnet/core/security/data-protection/configuration/overview
p.s - i'm struggling same problem.
Comments
Post a Comment