For some reason, asp.net identity 2 generates password reset tokens that are not property url encoded, but does send them as part of a querystring. Therefore – when you send out the email – the web browser will add spaces to the code, which renders it invalid. The way around that is to base 64 encode (and decode) the code as it is sent and interpreted. Below are the Base64 extension methods.
Also – make sure there is a guid (any guid) in the SecurityStamp column in the AspNetUsers table – that will also cause it to claim that the code is invalid.
public static string ConvertToBase64(this string str)
byte encbuff = Encoding.UTF8.GetBytes(str);
public static string ConvertFromBase64(this string str)
byte decbuff = HttpServerUtility.UrlTokenDecode(str);
||Written By Steve French|