Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at

  • Philip Hayton 98 posts 435 karma points
    Mar 17, 2022 @ 20:56
    Philip Hayton

    Member Forgot Password Feature

    Hi guys,

    I'm having trouble implementing a password reset feature for members who have forgotton their password.

    The flow is fairly standard:

    1. User submits their email
    2. If the user exists, we generate a token for them using IMemberManager GeneratePasswordResetTokenAsync(member)
    3. The token is sent to the member via email
    4. The member clicks the link, opening a form with the token sent above
    5. Member submits the form with new password
    6. We try to reset the password using IMemberManager ResetPasswordAsync OR ChangePasswordWithResetAsync

    Neither of these methods works though, I keep getting TokenInvalid error, no matter what I try.

    Am I missing something? Or am I barking up the wrong tree?

    Any help is greatly appreciated!

  • Ambert van Unen 175 posts 817 karma points c-trib
    Mar 18, 2022 @ 07:37
    Ambert van Unen

    Oh my, you do not know how long I've been struggling with this aswell a few weeks ago, haha, token was always invalid for some reason.

    In the end I chose a different route.

    I generated my own guid (key) and stored it with the member properties, and send it with the email.

    When the user clicks the link in the email, the guid is attached to the URL, so you can verify it on the backend.

    Then instead of using the ChangePasswordWithResetAsync method, I did something like this:

     private readonly IPasswordChanger<MemberIdentityUser> _passwordChanger;
    //Check if supplied Guid matches the member being reset
    //If so, reset password:
     var changePasswordModel = new ChangingPasswordModel()
                Id = Convert.ToInt32(member.Id),
                NewPassword = model.ConfirmPassword,
                OldPassword = null
      await _passwordChanger.ChangePasswordWithIdentityAsync(changePasswordModel , _memberManager);

    And it works!

  • Philip Hayton 98 posts 435 karma points
    Mar 18, 2022 @ 10:51
    Philip Hayton

    Ha, glad to hear it's not just me! I used your method on older versions of Umbraco but saw the new API and assumed _memberManager.GeneratePasswordResetTokenAsync is the correct way to go now.

    Maybe someone wiser than me can shed some light, but in the mean time I've just used your method.

    Gracias amigo

  • Ambert van Unen 175 posts 817 karma points c-trib
    Mar 18, 2022 @ 10:57
    Ambert van Unen

    That was exactly my initial plan..haha!

    You're welcome!

  • Lucas Michaelsen 32 posts 232 karma points
    Mar 18, 2022 @ 08:45
    Lucas Michaelsen


    I did a RequstChange, where i crate a token:

    var code = await _userManager.GeneratePasswordResetTokenAsync(identityUser);

    This token is sent with the email, and on the reset password page I stored the token in a hidden field so in the API look like this.

    PostSetPassword(int userId, string password, string restCode)
            var identityUser = await _memberManager.FindByIdAsync(userId.ToString(CultureInfo.InvariantCulture));
            var result = await _memberManager.ResetPasswordAsync(identityUser, resetCode, password);
            if (result.Succeeded) { ... }
  • Rafael Gino 1 post 74 karma points
    Sep 16, 2022 @ 20:10
    Rafael Gino

    Hello, I had the same issue while I was doing a forgot password feature. Turns out that the problem was the translated token on the email so I encoded the token before send the email: HttpUtility.UrlEncode(token)

    This way you won't have issues with unwanted characters or blanks spaces on the generated token

  • Lewis Smith 209 posts 618 karma points c-trib
    1 day ago
    Lewis Smith

    Ran into the whole invalid token thing as well, Rafael, you champ, worked a treat.

Please Sign in or register to post replies

Write your reply to: