WASM - Identity - Forgot Password

Posted 212 days ago by Francois
0

I'm currently working on a WASM hosted application project, I have implemented Identity JWT etc. I even have the email confirmation working on new user registration.

 My issue is with the forgot password/password reset implementation on wasm. Is there any documentation I have searched everywhere and cannot find anything. All I can find is very old samples using views .cshtml.

Thanks

  • 0

    If you're using IdentityServer, you could either redirect the user to the default management area at 

    /Identity/Account/Manage/ChangePassword

    Or you could post the passwords (both new and old) to your API endpoint, get the current logged in User in the API Controller, then proceed to get their password from the UserManager and update it.

    You'd need to inject UserManager

    private readonly UserManager<ApplicationUser> _userManager;
    
    public YourControllerName(UserManager<ApplicationUser> userManager)
    {
        _userManager = userManager;
    }

    Then something along these lines should work. The password model would just be a model that contains your new and old password. Probably the same Model you'd be using in your EditForm within your Blazor component.

        [HttpPost]
        [Route("resetpassword")] // Whatever your route path is
        public async Task<IActionResult> UpdatePasswordAsync([FromBody] PasswordModel passwordModel)
        {
            if (!ModelState.IsValid)
            {
                return StatusCode(StatusCodes.Status400BadRequest);
            }
    
            var claimsIdentity = (ClaimsIdentity)User.Identity;
            var claim = claimsIdentity.FindFirst(ClaimTypes.NameIdentifier);
            var userId = claim.Value;
            var user = await _userManager.FindByIdAsync(userId);
            if (user == null)
            {
                return StatusCode(StatusCodes.Status404NotFound, "User Not Found");
            }
    
            var changePasswordResult = await _userManager.ChangePasswordAsync(user, passwordModel.OldPassword, passwordModel.NewPassword);
            if (!changePasswordResult.Succeeded)
            {
                return StatusCode(StatusCodes.Status500InternalServerError, "Password Reset Unsuccessful");
            }
            return Ok();
        }
    Posted 212 days ago by selliott Edited 212 days ago
  • 0

    Thanks for the reply, It's a bit more complicated as I'm issuing a password reset token and also generating the email link to use to do the reset. With the WASM being separated from ServerAPI  I have managed to to implement the WASM forgot password razor pages, I then send the confirmation link that also contains the key and email nice and secure, When the user clicks on the reset email link is where it gets a bit tricky as the link is pointing Account controller ResetPassword action then sends the key and email to a new page along with the model containing the details and then allows the user to enter a new password and confirmation password and then gets updated via a post method. It is working fine now but it seems like a long way to do it, so I was wondering if there is Microsoft / or any decent up to date documents on this topic, all I can find is very old documents and procedures. But it's not a serious thing at this stage I managed to do a few work arounds. Its working great apart from ugly designed Views that ill have to doctor. lol

    Posted 211 days ago by Francois
  • 0

    I'm not aware of any specific documentation, but I'm guessing you'll have more luck looking at IdentityServer docs rather than Microsoft, assuming you're using IdentityServer. Perhaps you could have the system email a code to the user right away that they have to enter during the password reset (or even use the Authenticator app somehow if they're setup to use it) and reduce the steps?

    Posted 210 days ago by selliott
  • 0

    Yes I managed using the Identity doc's. That is a good plan, the app I'm writing is also going to have the mobile version so not that concerned about resetting passwords on the web version and long as its functioning and it is. 2FA authenticator is the way to go I think. Thank you.

    Posted 210 days ago by Francois
  • 0

    Did you ever get this working? I am looking for a more elegant solution to what I currently have. I have the email link being sent to do the password reset, but it's using the Identity Area in the Server Project for the password change. I'm trying to have it navigate to a Razor Component in the Client Project and I'm at a loss.

    Posted 72 days ago by kmorgan26
Someone is typing...

Post a Reply

You must be logged in to add a new post.
Number of online users: 1
An error has occurred. This application may no longer respond until reloaded. Reload 🗙