堆栈内存溢出
  简体   繁体   English

Asp.net 身份电子邮件确认令牌的问题:“无效令牌”

[英]Issue with Asp.net identity Email Confirmation Token: “Invalid Token”

 原文  2017-10-08 03:40:04       c#/ asp.net/ asp.net-mvc/ asp.net-identity/ asp.net-identity-2

问题描述

I am using asp.net identity and have the following partial code in my Account/Register method:我正在使用 asp.net 身份并在我的帐户/注册方法中有以下部分代码:

string code = await UserManager.GenerateEmailConfirmationTokenAsync(user.Id);

string codeHtmlVersion = HttpUtility.UrlEncode(code);

var callbackUrl = Url.Action("ConfirmEmail", "Account", new { userId = user.Id, code = codeHtmlVersion }, protocol: Request.Url.Scheme);

I then send the callbackUrl to the user in an email.然后我通过电子邮件将 callbackUrl 发送给用户。 When I debug the code, I see the following values:当我调试代码时,我看到以下值:

code: "GE2HDQSSjAboLqEBdBv5rTjyksC09o110uqa4Dh+02TK4R+lhwgfjEaFiZkOc9GfQBKKryTTIgeITlgDgtvnDtVvk6SJyAjw7iuSPdNe+9tfUhcReAn50YqZp0aYbHy2QyHLc7EAUSyd/SJpCHdlgRsaAdOqpBPlI4zcd3FlbuMxiRdjHJq3q2K12YdQWcCF"代码: “GE2HDQSSjAboLqEBdBv5rTjyksC09o110uqa4Dh + 02TK4R + lhwgfjEaFiZkOc9GfQBKKryTTIgeITlgDgtvnDtVvk6SJyAjw7iuSPdNe + 9tfUhcReAn50YqZp0aYbHy2QyHLc7EAUSyd / SJpCHdlgRsaAdOqpBPlI4zcd3FlbuMxiRdjHJq3q2K12YdQWcCF”

codeHtmlVersion: "GE2HDQSSjAboLqEBdBv5rTjyksC09o110uqa4Dh%2b02TK4R%2blhwgfjEaFiZkOc9GfQBKKryTTIgeITlgDgtvnDtVvk6SJyAjw7iuSPdNe%2b9tfUhcReAn50YqZp0aYbHy2QyHLc7EAUSyd%2fSJpCHdlgRsaAdOqpBPlI4zcd3FlbuMxiRdjHJq3q2K12YdQWcCF" codeHtmlVersion: “GE2HDQSSjAboLqEBdBv5rTjyksC09o110uqa4Dh%2b02TK4R%2blhwgfjEaFiZkOc9GfQBKKryTTIgeITlgDgtvnDtVvk6SJyAjw7iuSPdNe%2b9tfUhcReAn50YqZp0aYbHy2QyHLc7EAUSyd%2fSJpCHdlgRsaAdOqpBPlI4zcd3FlbuMxiRdjHJq3q2K12YdQWcCF”

Then in my ConfirmEmail method, I reverse the values (or so I intend to):然后在我的 ConfirmEmail 方法中,我反转值(或者我打算这样做):

public async Task<ActionResult> ConfirmEmail(string userId, string code)
{
  string codeHtmlVersion = HttpUtility.UrlEncode(code);

  var result = await UserManager.ConfirmEmailAsync(userId, codeHtmlVersion);
  ....
}

When the user clicks on the confirmation link from his email, in my debug session, I see the following values:当用户单击他电子邮件中的确认链接时,在我的调试会话中,我看到以下值:

code: "GE2HDQSSjAboLqEBdBv5rTjyksC09o110uqa4Dh%2b02TK4R%2blhwgfjEaFiZkOc9GfQBKKryTTIgeITlgDgtvnDtVvk6SJyAjw7iuSPdNe%2b9tfUhcReAn50YqZp0aYbHy2QyHLc7EAUSyd%2fSJpCHdlgRsaAdOqpBPlI4zcd3FlbuMxiRdjHJq3q2K12YdQWcCF"代码: “GE2HDQSSjAboLqEBdBv5rTjyksC09o110uqa4Dh%2b02TK4R%2blhwgfjEaFiZkOc9GfQBKKryTTIgeITlgDgtvnDtVvk6SJyAjw7iuSPdNe%2b9tfUhcReAn50YqZp0aYbHy2QyHLc7EAUSyd%2fSJpCHdlgRsaAdOqpBPlI4zcd3FlbuMxiRdjHJq3q2K12YdQWcCF”

codeHtmlVersion: "GE2HDQSSjAboLqEBdBv5rTjyksC09o110uqa4Dh%252b02TK4R%252blhwgfjEaFiZkOc9GfQBKKryTTIgeITlgDgtvnDtVvk6SJyAjw7iuSPdNe%252b9tfUhcReAn50YqZp0aYbHy2QyHLc7EAUSyd%252fSJpCHdlgRsaAdOqpBPlI4zcd3FlbuMxiRdjHJq3q2K12YdQWcCF" codeHtmlVersion: “GE2HDQSSjAboLqEBdBv5rTjyksC09o110uqa4Dh%252b02TK4R%252blhwgfjEaFiZkOc9GfQBKKryTTIgeITlgDgtvnDtVvk6SJyAjw7iuSPdNe%252b9tfUhcReAn50YqZp0aYbHy2QyHLc7EAUSyd%252fSJpCHdlgRsaAdOqpBPlI4zcd3FlbuMxiRdjHJq3q2K12YdQWcCF”

So as it can be seen my code is changing somehow and so the user receives the "Invalid Token" error message.因此可以看出我的代码正在以某种方式发生变化,因此用户收到“无效令牌”错误消息。 Can someone help me figure out what I'm doing wrong here?有人可以帮我弄清楚我在这里做错了什么吗? Much appreciated.非常感谢。

2 个解决方案

解决方案1
 4 已采纳  2017-10-08 05:12:19

You are encoding a second time when you want to be decoding in ConfirmEmail当您想在ConfirmEmail解码时,您正在第二次编码

string codeHtmlVersion = HttpUtility.UrlDecode(code);

Analyzing how your token is getting changed:分析您的令牌如何更改:

  1. + becomes %2b after encoding for the first time +第一次编码后变成%2b
  2. %2b becomes %252b after encoding the second time (it encodes the % symbol to %25)第二次编码后%2b变为%252b (它将 % 符号编码为 %25)

解决方案2
 0  2020-02-09 14:21:02

以下代码对我有用:

 HttpUtility.HtmlDecode(code);

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 ASP.NET标识电子邮件确认无效标记 - ASP.NET Identity Email Confirmation Invalid Token ASP.NET身份2电子邮件确认无效令牌 - ASP.NET Identity 2 Email Confirmation Invalid Token 电子邮件确认错误无效的令牌AspNet身份 - Email Confirmation Error Invalid Token AspNet Identity ASP.NET身份-令牌 - ASP.NET Identity - Token 使用 MVC 5 和 Asp.net Identity 进行电子邮件确认 - Email Confirmation with MVC 5 and Asp.net Identity 用密码中的*重置密码时的ASP.Net身份“无效令牌” - ASP.Net Identity “Invalid token” on password reset with * in password ASP.NET-身份2-无效令牌错误-Php - Asp.NET - Identity 2 - Invalid Token Error - Php ASP.NET Identity WebAPI无效密码重置令牌 - ASP.NET Identity WebAPI invalid password reset token ASP.NET Identity 2.0随机无效令牌 - ASP.NET Identity 2.0 Invalid Token Randomly Asp.NET Identity 2 给出“无效令牌”错误 - Asp.NET Identity 2 giving "Invalid Token" error
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM