ASP.NET Core Identity And How It Allows Password Reset

In today’s article we shall discuss how to enable password reset such that users can reset their passwords and get a new password.

The password reset steps in ASP.NET Core Identity works in the following manner:

  • A user mentions that he wants to reset his password. He next specifies his UserName.
  • The system generates a password reset token
  • The system sends an email to the user along with a link to reset the password which contains the password reset token.
  • The user clicks on the password reset link and is presented with a form where a new password can be supplied.
  • The system resets the password after assessing the token and then gives a new password to the user.

To enable password reset, you have to add a view model class and a couple of views. Let’s start here….

Open the Login view and change it to include another form to reset the password. The following mark-up shows the new form.

<h1>Reset Your Password</h1>

<form asp-controller=”Account”

asp-action=”SendPasswordResetLink”

method=”post”>

<table>

<tr>

<td><label asp-for=”UserName”>User Name :

</label></td>

<td><input name=”UserName” type=”text” /></td>

</tr>

<tr>

<td colspan=”2″>

<input type=”submit”

value=”Reset Password” />

</td>

</tr>

</table>

<strong>@ViewBag.Message</strong>

<div asp-validation-summary=”All”></div>

</form>

Did you notice that the above form contains textbox for entering user name and submits to the SendPasswordResetLink() action.

The SendPasswordResetLink() action is given below:

public IActionResult SendPasswordResetLink(string username)

{

MyIdentityUser user = userManager.

FindByNameAsync(username).Result;

if (user == null || !(userManager.

IsEmailConfirmedAsync(user).Result))

{

ViewBag.Message = “Error while

resetting your password!”;

return View(“Error”);

}

var token = userManager.

GeneratePasswordResetTokenAsync(user).Result;

var resetLink = Url.Action(“ResetPassword”,

“Account”, new { token = token },

protocol: HttpContext.Request.Scheme);

// code to email the above link

// see the earlier article

ViewBag.Message = “Password reset link has

been sent to your email address!”;

return View(“Login”);

}

The SendPasswordResetLink() action gets the username as given by the user on the Login view. It then produces a password reset token using GeneratePasswordResetTokenAsync() method of the UserManager. The GeneratePasswordResetTokenAsync() method accepts a MyIdentityUser object whose password is to be reset.

Then a URL is generated containing the password reset token in the query string. The URL points to the ResetPassword() action (discussed next). Note that the code that actually sends an email has been omitted for the sake of clarity. A sample URL looks like this:

http://localhost:49310/Account/ResetPassword?token=….

Before you develop the ResetPassword() actions and the ResetPassword view, add new view model class – ResetPasswordViewModel – in the Models folder. This class is mentioned below:

public class ResetPasswordViewModel

{

[Required]

public string UserName { get; set; }

[Required]

[DataType(DataType.Password)]

public string Password { get; set; }

[Required]

[DataType(DataType.Password)]

public string ConfirmPassword { get; set; }

[Required]

public string Token { get; set; }

}

The ResetPasswordViewModel contains four properties – UserName, Password, ConfirmPassword and Token. The Token property holds the password rest token generated earlier.

The ResetPassword() GET action displays ResetPassword view for supplying the new password.

public IActionResult ResetPassword(string token)

{

return View();

}

The markup of ResetPassword view is as follows:

@model ResetPasswordViewModel

<h1>Reset Your Password</h1>

<form asp-controller=”Account”

asp-action=”ResetPassword”

method=”post”>

<input type=”hidden” asp-for=”Token” />

<table>

<tr>

<td><label asp-for=”UserName”></label></td>

<td><input asp-for=”UserName” /></td>

</tr>

<tr>

<td><label asp-for=”Password”>

New Password</label></td>

<td><input asp-for=”Password” /></td>

</tr>

<tr>

<td><label asp-for=”ConfirmPassword”>

Confirm New Password</label></td>

<td><input asp-for=”ConfirmPassword” /></td>

</tr>

<tr>

<td colspan=”2″>

<input type=”submit”

value=”Reset Password” />

</td>

</tr>

</table>

<div asp-validation-summary=”All”></div>

</form>

The ResetPassword view POSTs to ResetPassword() POST action. This action is given below:

[HttpPost]

public IActionResult ResetPassword

(ResetPasswordViewModel obj)

{

MyIdentityUser user = userManager.

FindByNameAsync(obj.UserName).Result;

IdentityResult result = userManager.ResetPasswordAsync

(user, obj.Token,obj.Password).Result;

if (result.Succeeded)

{

ViewBag.Message = “Password reset successful!”;

return View(“Success”);

}

else

{

ViewBag.Message = “Error while resetting the password!”;

return View(“Error”);

}

}

The ResetPassword() POST action gets ResetPasswordViewModel object which has the user name, new password and the password reset token. It then calls ResetPasswordAsync() method of UserManager in an effort to reset the user’s password to the new value. If all goes fine the IdentityResult will succeed. Accordingly a success message or an error message is displayed to the user.

We conclude the discussion here. Keep coding!!

Let us know your opinion in the comments sections below. And feel free to refer Microsoft’s site to gather more information.

If you want to improve your skill in ASP.Net and excel yourself in ASP.NET training program; our institute, CRB Tech Solutions would be of great help and for you. Come and join us with our well structured program for ASP .Net.

Stay connected to CRB Tech for more technical optimization and other updates and information.

Don't be shellfish...Buffer this pageEmail this to someoneDigg thisShare on FacebookShare on Google+Share on LinkedInPrint this pageShare on RedditPin on PinterestShare on StumbleUponTweet about this on TwitterShare on Tumblr

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>