Password Reset Token

(0) Share

Report

Posted on by Community Member

Hello.

I cannot find this information in the documentation:

When a ADX Portal user attempts to reset his/her password (via LoginController\ForgotPassword), I understand that a unique token is generated as part of the reset process.

Question: How long is the token valid for?

What factors will make the token invalid? (e.g. Another token request? x minutes?)

Thank you!

Steve

*This post is locked for comments

I have the same question (0)

All responses (1)

Answers (1)

Verified answer

Nadeeja Bomiriya 6,804 on at

Like (0)

Report
Hi stevechin1,

Adxstudio's identity mechanism is built on top of ASP.NET Identity.

https://www.asp.net/identity/overview/getting-started/introduction-to-aspnet-identity

The only difference is, instead of AspNetUsers table in SQL Server, it uses Contact entity in CRM.

For more information, please read below article.

https://www.asp.net/identity/overview/features-api/account-confirmation-and-password-recovery-with-aspnet-identity

The default expiration is one day.

In Areas\Account\Models\IdentityConfig.cs you'll find below code.

if (dataProtectionProvider != null) { manager.UserTokenProvider = new DataProtectorTokenProvider<ApplicationUser>(dataProtectionProvider.Create("ASP.NET Identity")); }

You can change the expiration setting using below code. In below example, token will expire in 3 hours.

if (dataProtectionProvider != null) { manager.UserTokenProvider = new DataProtectorTokenProvider<ApplicationUser> (dataProtectionProvider.Create("ASP.NET Identity")) { TokenLifespan = TimeSpan.FromHours(3) }; }

Was this reply helpful? Yes No