[RESOLVED] ASP.NET Identity Custom Token Provider

Hi

The Identity built-in SMS token gives me a random token. It's a 5 or 6 digit number that I get.

Is there a way to customize the token that the identity provides? I want it to be restricted to characters.

var token = await _userManager.GenerateChangePhoneNumberTokenAsync(userId, user.MobileNumber);

I went ahead and implemented a custom token provider. But now, to validate the generated token, is there a built-in mechanism or should I store the token in the ApplicationUser object and verify it?

using System;
using System.Threading.Tasks;
using Microsoft.AspNet.Identity;

public class CustomSmsTokenProvider : IUserTokenProvider<ApplicationUser, string>
{
    public Task<string> GenerateAsync(string purpose, UserManager<ApplicationUser, string> manager, ApplicationUser user)
    {
        // custom token generation logic
        string token = null; // placeholder: assigned by the custom generation logic
        return Task.FromResult(token);
    }

    public Task<bool> IsValidProviderForUserAsync(UserManager<ApplicationUser, string> manager, ApplicationUser user)
    {
        throw new NotImplementedException();
    }

    public Task NotifyAsync(string token, UserManager<ApplicationUser, string> manager, ApplicationUser user)
    {
        throw new NotImplementedException();
    }

    public Task<bool> ValidateAsync(string purpose, string token, UserManager<ApplicationUser, string> manager, ApplicationUser user)
    {
        // how to validate if token here is same as token in GenerateAsync?
        throw new NotImplementedException();
    }
}

If you store it in the User class, then you need to protect it in the DB — if the attacker has DB access then they can bypass 2fa. IdentityReboot solves this issue:

http://brockallen.com/2014/02/11/introducing-identityreboot/
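
One way to validate a letters-only code without storing it, as an added example that is not part of the original thread and is not ASP.NET Identity or IdentityReboot code: the code is derived with an HMAC over a time step, so validation recomputes it. The class `LetterCode`, its parameters, the 6-letter length, the 3-minute step and the `serverKey` held outside the user database are all assumptions.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example: hypothetical helper, not ASP.NET Identity or IdentityReboot code.
public static class LetterCode
{
    const int Length = 6;                                     // assumed code length
    static readonly TimeSpan Step = TimeSpan.FromMinutes(3);  // assumed lifetime of one time step
    static readonly DateTime Epoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);
    static long StepOf(DateTime utcNow)
    {
        return (long)((utcNow - Epoch).TotalSeconds / Step.TotalSeconds);
    }
    // serverKey: secret kept outside the user database (assumption); userStamp: per-user value
    // such as the security stamp; modifier: binds the code to one use, e.g. purpose + ":" + phone.
    static string Compute(byte[] serverKey, string userStamp, string modifier, long step)
    {
        using (var hmac = new HMACSHA256(serverKey))
        {
            byte[] mac = hmac.ComputeHash(Encoding.UTF8.GetBytes(step + "|" + userStamp + "|" + modifier));
            uint n = ((uint)mac[0] << 24) | ((uint)mac[1] << 16) | ((uint)mac[2] << 8) | mac[3];
            var code = new char[Length];
            for (int i = 0; i < Length; i++) { code[i] = (char)('A' + n % 26); n /= 26; }  // base 26, A-Z only
            return new string(code);
        }
    }

    public static string Generate(byte[] serverKey, string userStamp, string modifier, DateTime utcNow)
    {
        return Compute(serverKey, userStamp, modifier, StepOf(utcNow));
    }

    // Recomputes the expected code instead of reading a stored one.
    public static bool Validate(byte[] serverKey, string userStamp, string modifier, string submitted, DateTime utcNow)
    {
        if (submitted == null || submitted.Length != Length) return false;
        string candidate = submitted.ToUpperInvariant();
        long now = StepOf(utcNow);
        bool ok = false;
        for (long s = now - 1; s <= now + 1; s++)             // tolerate SMS delay and clock skew
        {
            string expected = Compute(serverKey, userStamp, modifier, s);
            int diff = 0;
            for (int i = 0; i < Length; i++) diff |= expected[i] ^ candidate[i];  // no early exit
            ok |= diff == 0;
        }
        return ok;
    }
}
```

From the provider, `GenerateAsync` and `ValidateAsync` would pass `await manager.GetSecurityStampAsync(user.Id)` as `userStamp` and `DateTime.UtcNow` as the time. A 6-letter code has about 3 x 10^8 possible values, so failed attempts still need to be counted and limited.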
