AspNet.Identity 'ResetPasswordAsync' does not update AspNetUsers table

moondaddy 1 Reputation point

I have an app that has been working OK for several years, suddenly this past week some users could not login even though they were using the correct credentials.

I am using Microsoft.AspNet.Identity.Core

DotNet Framework v4.0.30319

Since something seemed wrong with the passwords, I tried to reset the password using these two lines which used to work perfectly:

string resetToken = await UserManager.GeneratePasswordResetTokenAsync(token.AspNetUserId);
IdentityResult passwordChangeResult = await UserManager.ResetPasswordAsync(token.AspNetUserId, resetToken, newPassword);

But when I check the AspNetUsers table I see that the values for "PasswordHash" and "SecurityStamp" have not changed.

Furthermore, for a test user whose password still works, after I do a password reset I can still login using the old password which also proves that the database is not being updated.

I can use the same instance of UserManager to successfully create users, change passwords and to authenticate, and only the password reset does not work. Also, I do not get any errors.

Please advise how I can resolve this as it's really becoming a problem in a production app.

Thank you!

Microsoft Identity Manager
Microsoft Identity Manager
A family of Microsoft products that manage a user's digital identity using identity synchronization, certificate management, and user provisioning.
661 questions
A set of technologies in the .NET Framework for building web applications and XML web services.
3,417 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. XuDong Peng-MSFT 10,341 Reputation points Microsoft Vendor

    Hi @moondaddy,

    I just created an example .NET MVC project with Individual Accounts. I edited part of these code and test, but it works fine with the code by design (in .net framework 4.8), could you provide more details so that we can understand your issue more clearly?

    This is test example code:

    public async Task<ActionResult> ResetPassword(ResetPasswordViewModel model)
                if (!ModelState.IsValid)
                    return View(model);
                var user = await UserManager.FindByNameAsync(model.Email);
                if (user == null)
                    // Don't reveal that the user does not exist
                    return RedirectToAction("ResetPasswordConfirmation", "Account");
                var result = await UserManager.ResetPasswordAsync(user.Id, model.Code, model.Password);
                if (result.Succeeded)
                    return RedirectToAction("ResetPasswordConfirmation", "Account");
                return View();

    Here is the result image:

    User's image

    If I misunderstand anything, please let me know.

    Best regards,

    Xudong Peng

    If the answer is the right solution, please click "Accept Answer" and kindly upvote. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments