Email confirmation using a custom verification token/code in asp.net core

Question

I am trying to implement a short code (6digits) for Email Confirmation using Asp.Net Identity Core.

Currently, I am using the existing implementation which is TotpSecurityStampBasedTokenProvider .

Everything works fine, it generates the 6 digit code that I want using this line of code var token = await _userManager.GenerateUserTokenAsync(user, "EmailTokenProvider", "EmailConfirmation"); ,

it also verifies if the code entered is valid or not using this method here var isValid = await _userManager.VerifyUserTokenAsync(user, "EmailTokenProvider", "EmailConfirmation", token);.

My problem is, when I am trying to call the method await _userManager.ConfirmEmailAsync(user, token); it says InvalidToken, do I need to implement my own ConfirmEmailAsync? As I also dig deep into it, it calls the SetEmailConfirmedAsync, do I also need to override the current implementation for that by creating my own custom IUserEmailStore?

Thanks!

Here are some of the sample references: Implement email confirmation with digit code, Custom Verification Code/Token in Asp .Net Identity

Answer 1

Try this

var token = await _userManager.GenerateEmailConfirmationTokenAsync(user);

Instead of

var token = await _userManager.GenerateUserTokenAsync(user, "EmailTokenProvider", "EmailConfirmation");

Click Documentation

Answer 2

We have to tell Identity what token providers we want to use for the different kinds of tokens to make the UserManager-convenience methods like GenerateEmailConfirmationTokenAsync() or ConfirmEmailAsync() use a specific provider.

We do this by configuring the identity TokenOptions:

builder.Services.Configure<IdentityOptions>(options =>
{
    // Token settings.
    options.Tokens.EmailConfirmationTokenProvider = "MyCustomEmailTokenProvider";
    ...
});

Or together when registering the new provider using the fluent API:

services.AddDefaultIdentity<ApplicationUser>(options =>
    {
        options.Tokens.EmailConfirmationTokenProvider = "MyCustomEmailTokenProvider"
    })
    .AddTokenProvider<MyCustomEmailConfirmationTokenProvider>("MyCustomEmailTokenProvider");

There also exist few token providers that gets added by default by .AddDefaultTokenProviders() that can be used without registering any additional providers by using their names:

• TokenOptions.DefaultProvider, uses DataProtectorTokenProvider (the default provider used when no explicit configuration exist
• TokenOptions.DefaultEmailProvider uses EmailTokenProvider
• TokenOptions.DefaultPhoneProvider uses PhoneNumberTokenProvider
• TokenOptions.DefaultAuthenticatorProvider uses AuthenticatorTokenProvider