AspNetIdentity
AspNetIdentity copied to clipboard
aspnet
ASP.NET Identity for ASP.NET 4.x applications
I'm implementing TOTP using the TotpSecurityStampBasedTokenProvider and couldn't figure out why it wasn't working with Google Authenticator. While debugging I noticed that TotpSecurityStampBasedTokenProvider uses a fixed timestep of 3 minutes...
The `AllowOnlyAlphanumericUserNames` option is supposed to only allow usernames that are made up of letters or digits. However, as you can see in the regex check [here](https://github.com/aspnet/AspNetIdentity/blob/master/src/Microsoft.AspNet.Identity.Core/UserValidator.cs#L94), it still allows...
Using 2.2.1 but can see the issue in master PasswordSignInAsync will reset it for non-2FA accounts: https://github.com/aspnet/AspNetIdentity/blob/4874623fb8cdaeeded92891af5017d8480fd014a/src/Microsoft.AspNet.Identity.Owin/SignInManager.cs#L260 TwoFactorSignInAsync will reset it for 2FA accounts: https://github.com/aspnet/AspNetIdentity/blob/4874623fb8cdaeeded92891af5017d8480fd014a/src/Microsoft.AspNet.Identity.Owin/SignInManager.cs#L167 But if the user has...
The UserManager.UpdatePassword method's name does not end in 'Async' but returns a Task. It should be named (as all other Task based methods in the class) UpdatePasswordAsync.
If you set an explicit LoginPath for CookieAuthenticationOptions, authenticated users who navigate a restricted area they are not authorized to access (e.g. because of not having the right role), will...
Is there a way to do this? Like an error code that will return when the email confirmation token has expired? For example if the error code was "TokenExpired" I...
I've created extension method that allow me to verify if token has expired. Code is available here: https://github.com/aspnet/Identity/issues/307#issuecomment-407731661 I'd like to ask for changing protection level of [StreamExtensions](https://github.com/aspnet/AspNetIdentity/blob/9c48993a446288032f9824633e6dae81257da06e/src/Microsoft.AspNet.Identity.Owin/DataProtectorTokenProvider.cs#L168) to public,...
I just wonder, is there a special reason why you don't use MemoryStream in using blocks? https://github.com/aspnet/AspNetIdentity/blob/9c48993a446288032f9824633e6dae81257da06e/src/Microsoft.AspNet.Identity.Owin/DataProtectorTokenProvider.cs#L71 On the other hand, it's used in a using block in this code:...
I'm trying to migrate parts of my application to .net core instead of everything at once. I'd like to try moving from EF to EF Core now but can't because...
_From @rvandulek on November 12, 2017 22:41_ I'm in the process of creating a new MVC application that has to plug in to our existing SQL Server based user store....
