WebSecurity.GeneratePasswordResetToken returns error (but user exists!)

Asked 18/1, 2013 at 9:2 Answered 8/8, 2022 at 20:0

Solved authentication asp.net-mvc-4 simplemembership

I'm working in an ASP.NET MVC 4 web app, I'm trying to make a password forget page. In my POST, I check that the user related to the password is present

WebSecurity.UserExists(email)

and it returns true, but when I exectue

WebSecurity.GeneratePasswordResetToken(email, 10);

I'm getting this error

No account exists for *email*

For reference, I was following this tutorial: http://www.thecodingguys.net/tutorials/asp/webpages-membership-forgot-password-and-reset-password.

Any ideas?

Spirochete answered 18/1, 2013 at 9:2 Comment(0)

Solved, somehow in [webpages_Membership] table it wasn't present the confirmation for the user.

Spirochete answered 18/1, 2013 at 10:11 Comment(3)

Happened to me to. Check the data in the tables. While testing it is easy to have Userprofile entries without webpages_Membership entries. – Hazel 31/7, 2013 at 11:27

But why? Surely we can't be expected to enter this manually every now and then... – Divisible 28/2, 2017 at 4:59

Oooooh ! The IsConfirmed field equals 0 ! – Penetrate 21/8, 2019 at 16:27

If the user is not confirmed, the same error will be thrown. Took me a while to find out so this might help someone. Perhaps someone has a better way of doing it, because this is kind of hacky.

In my case, the client want to send the user a password by mail (I know....) and if the mail needs to be resent, a new password has to be genereated.

 private string ChangePasswordForNotConfirmedUser(string emailAdress)
    {
        var membership = _membershipRepository.GetByUserName(emailAdress);
        membership.IsConfirmed = true;
        _membershipRepository.Save(membership);
        var token = WebSecurity.GeneratePasswordResetToken(emailAdress);
        var password = Membership.GeneratePassword(GlobalSettings.PasswordLenght, GlobalSettings.PasswordNoAlphaChars);
        WebSecurity.ResetPassword(token, password);
        membership.IsConfirmed = false;
        _membershipRepository.Save(membership);
        return password;
    }

Hazel answered 31/7, 2013 at 12:24 Comment(0)

This solved the problem for me without thinking about anything else.

try
        {
            token = WebSecurity.GeneratePasswordResetToken(username);
        }
        catch (Exception ex)
        {
            if (ex.Message.Contains("No account"))
            { 
                string password = System.Web.Security.Membership.GeneratePassword(6, 0);
                WebSecurity.CreateAccount(username, password);

            }
            token = WebSecurity.GeneratePasswordResetToken(username);
        }

Synthesize answered 22/2, 2014 at 14:53 Comment(0)

in my case user account was not not confirmed in DB table webpages_Membership once I set isconfirmed=1 manually then its working fine

Hebraic answered 8/8, 2022 at 20:0 Comment(0)

Recommended topics

Hot tags