Link to home
Start Free TrialLog in
Avatar of dan henderson
dan hendersonFlag for United States of America

asked on

Reset a user's password using microsoft.identity

I need for a manager to set a user's password on request.  I can reset the password, but the user still can't log in.  I have provided the code I am using below:

        [HttpPost]
        [AllowAnonymous]
        [ValidateAntiForgeryToken]
        public async Task<ActionResult> ResetPassword(ResetPasswordViewModel model)
        {
            if (!ModelState.IsValid)
            {
                return View(model);
            }
            var user = await UserManager.FindByNameAsync(model.UserName);
            if (user == null)
            {
                // Don't reveal that the user does not exist
                return RedirectToAction("ResetPasswordConfirmation", "Account");
            }

            
            string resetToken = await UserManager.GeneratePasswordResetTokenAsync(user.Id);

            var result = await UserManager.ResetPasswordAsync(user.Id, resetToken, model.Password);
            if (result.Succeeded)
            {
                using (var db = new RPIADbContext())
                {
                    var id = user.Id;
                    var usr = db.AspNetUsers.Find(id);
                    usr.MustChangePassword = true;

                    db.AspNetUsers.Attach(usr);

                    db.Entry(usr).Property(x => x.MustChangePassword).IsModified = true;
                    db.SaveChanges();
                }
                ViewBag.IsEdit = 1;
                return RedirectToAction("ResetPasswordConfirmation", "Account");
            }
            AddErrors(result);
            return View();
        }

        //
        // GET: /Account/ResetPasswordConfirmation
        [AllowAnonymous]
        public ActionResult ResetPasswordConfirmation()
        {
            var currentUserId = User.Identity.GetUserId();
            var cu = _db.AspNetUsers.Find(currentUserId);
            if (cu.Role == "Admin" || cu.Role == "Chief" || cu.Role == "Manager" || cu.Role == "Sergeant")
            {
                ViewBag.IsEdit = 1;
            }
            else
            {
                ViewBag.IsEdit = 0;
            }


            return View();
        }

Open in new window


After manager resets password, the user is forced to change their password ... but the user can't log in, just gets invalid login attempt error.
Avatar of Rikin Shah
Rikin Shah
Flag of India image
Hi,

Can you check in AD if the user is enabled for login after the password is reset? If not enabled, you need to add code to set user's login enabled.

Regards,
Rikin
Avatar of dan henderson
dan henderson
Flag of United States of America image

ASKER

Sorry, I assume that AD is active directory.  This is a web project and AD does not exist.  I should have stated that.
This question needs an answer!
Become an EE member today
7 DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform.
View membership options
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.