I am a fearly newbie to asp.net identity framework. Have experience with simple membership provider etc.
I want to get a user authenticated by using a special url and a token with it. like : http://www.website.com/urlAuth/
A user get's an email and i want to user to login/authenticate with this url
the token is active for a certain time and has a user account ands some actions attached to it.
I cannot lay my finger on how to get a user authenticated without password. I investigated a impersination scenario (i have a special impersination with authentication info in web.config) but that's not a solid solution i think.
Could some on help me to direct me to a solid solution
Thank you!
You don't need password to authenticate users in Identity. Just you need find relevant user based on token. Consider this simple example:
public ActionResult UrlAuth(string token)
{
var userManager=HttpContext.GetOwinContext().GetUserManager<ApplicationUserManager>();
// imaging you have a custom token manager which return userID form token
string userID=_tokenManager.GetUserIDByToken(token);
var user = userManager.FindById(userID);
if (user != null)
{
var ident = userManager.CreateIdentity(user, DefaultAuthenticationTypes.ApplicationCookie);
HttpContext.GetOwinContext().Authentication.SignIn(new AuthenticationProperties { IsPersistent = false }, ident);
// authentication succeed do what you want
return Redirect("Wherever");
}
ModelState.AddModelError("", "Invalid username or password");
return View();
}