c# - Custom email confirmation token

Question

I'm using the Identity 2.0 framework for user management.
Unfortunately, in my use case an account activation/password reset cannot be done using a direct link, so the user would have to copy the code from his e-mail and paste it into the website.

The code that is generated by the UserManager's default GenerateEmailConfirmationTokenAsync method is very long, it spans about 3 lines of text. I tried to override this method, generating a shorter code that is more user friendly. This doesn't work, as the ConfirmEmailAsync method always returns "invalid token" (this method doesn't call the GenerateEmailConfirmationTokenAsync method at all).

I do not know how the confirmation code is stored and I prefer to use the default storage mechanism of the Identity Framework instead of storing it manually in the database.

As the Identity 2.0 framework is closed source, I am not sure how to proceed. Is it possible to generate custom (shorter) confirmation codes and what methods should I override in addition to what I already did?

Answer 1

ASP.NET Identity uses the UserTokenProvider of the UserManager to generate and validate the token. Basically it calls:

this.UserTokenProvider.GenerateAsync("Confirmation", this, tUser);

to generate the token and

this.UserTokenProvider.ValidateAsync("Confirmation", token, this, tUser);

to verify it.

So you can implement your own IUserTokenProvider<TUser, TKey> or extend the the default one and set that as UserManager.UserTokenProvider.