aspnet identity invalid token on confirmation email

asp.net-mvc-5 asp.net-identity asp.net-identity-2

Solution 1:

Most likely that the code in transit is modified by browser. Try doing UrlEncode on the token:

var code = await userManager.GenerateEmailConfirmationTokenAsync(userId);
code = System.Web.HttpUtility.UrlEncode(code);

Otherwise browser messes with the special symbols that can be present in the token.

Solution 2:

I have experienced the same problem. I solved the problem with the following code.

Sample: 

var emailToken = _customManager.GenerateEmailConfirmationToken(userId);
emailToken = emailToken.Base64ForUrlEncode();

Extension Methods => Name Space : System.Text,System.Web

public static class UrlEncoding
{
        public static string Base64ForUrlEncode(this string str)
        {
            byte[] encbuff = Encoding.UTF8.GetBytes(str);
            return HttpServerUtility.UrlTokenEncode(encbuff);
        }

        public static string Base64ForUrlDecode(this string str)
        {
            byte[] decbuff = HttpServerUtility.UrlTokenDecode(str);
            return Encoding.UTF8.GetString(decbuff);
        }
}

Solution 3:

Ok, this wasted hours - no, days - of my life. After trying all other suggestions in this thread an in Asp.NET - Identity 2 - Invalid Token Error I found that instead of calling 

await SignInManager.SignInAsync(user, isPersistent: false, rememberBrowser: false);

in the Register-method just before the GenerateEmailConfirmationTokenAsync-block

await SignInAsync(user, isPersistent: false);

was called which is defined as

private async Task SignInAsync(ApplicationUser user, bool isPersistent)
{
        AuthenticationManager.SignOut(DefaultAuthenticationTypes.ExternalCookie);
        AuthenticationManager.SignIn(new AuthenticationProperties() { IsPersistent = isPersistent }, await user.GenerateUserIdentityAsync(UserManager));
}

I think this was caused by scaffolding the application with an older ASP.Net MVC Version. The described method can be found in http://www.asp.net/identity/overview/getting-started/introduction-to-aspnet-identity from 2013.

Solution 4:

In case these solutions aren't working for you - I ran into the problem in a Asp.Net Core project because I had added the following configuration in Startup.cs:

services.Configure<RouteOptions>(options =>
{
  options.LowercaseUrls = true;
  options.LowercaseQueryStrings = true;
});

The second setting was causing the confirmation code to get converted to lowercase, which caused validation to fail. Ideally I'd like to keep query string parameters lower case, and not alter the query string values, but I'm not finding a way to do that, so I just removed the query string setting:

services.Configure<RouteOptions>(options =>
{
  options.LowercaseUrls = true;
});

Related

Extracting lxml xpath for html table
Why is host aborting connection?
Configuration parameter work_mem in PostgreSQL on Linux
Obtain file path of C# save dialog box
How do I set character encoding to UTF-8 for default.html?
Why does Firebug show a "206 Partial Content" response on a video loading request?
Interacting with bash from python
CookieContainer bug?
java arraylist ensureCapacity not working
How write a file using StreamWriter in Windows 8?
SwiftUI tappable subtext
Does Django have a way to open a HTTP long poll connection?