How to fix problems with password reset tokens - Digital Tool Factory blog

How to fix problems with password reset tokens

For some reason, identity 2 generates password reset tokens that are not property url encoded, but does send them as part of a querystring.  Therefore – when you send out the email – the web browser will add spaces to the code, which renders it invalid.  The way around that is to base 64 encode (and decode) the code as it is sent and interpreted.  Below are the Base64 extension methods.

Also – make sure there is a guid (any guid) in the SecurityStamp column in the AspNetUsers table – that will also cause it to claim that the code is invalid.

public static string ConvertToBase64(this string str)
byte[] encbuff = Encoding.UTF8.GetBytes(str);
return HttpServerUtility.UrlTokenEncode(encbuff);

public static string ConvertFromBase64(this string str)
byte[] decbuff = HttpServerUtility.UrlTokenDecode(str);
return Encoding.UTF8.GetString(decbuff);


Written By Steve French


Leave a Reply

Your email address will not be published. Required fields are marked *

Copyright 2011 Digital Tool Factory. All Rights Reserved. Powered by raw technical talent. And in this case, WordPress.