What is GenerateEmailConfirmationToken ()?

Question

What is GenerateEmailConfirmationToken ()?

I have two questions regarding ASP.Identity 2.0 "GenerateEmailConfirmationToken / GenerateEmailConfirmationTokenAsync".

// Generate token var token = Url.Encode(await UserManager.GenerateEmailConfirmationTokenAsync(user.Id));

Is this token stored in the database? I think this should happen. But in what area? I just find “PasswordHash” and “SecurityStamp” in the “User” table. Both do not seem to match.
I got the impression that as soon as I create an email token, the EmailConfirmed field of the User table will be set to false. But it's true. So what is the purpose of creating a token if the corresponding user account is verified? Or in other words: what do I need to do to create a new token, and also establish that the account is NOT verified?

+5

asp.net-identity-2

Ingmar Jan 7 '15 at 11:04

source share

1 answer

trailmax · Accepted Answer · 2015-01-08T15:33:35+0000

To summarize the discussion in the comments: tokens are not stored anywhere - they are generated by a crypto generator (not exactly the exact process of generation) from SecruityStamp, and when they return, they can be decrypted and compared.

As for the EmailConfirmed field, this is for you to maintain and care for. You will need to block access for users without a confirmed email. And you will need to set a flag when a confirmation email is received.

What is GenerateEmailConfirmationToken ()?

More articles: