asp.net identity authenticate by link / url asp.net mvc 5

Question

I am a fearly newbie to asp.net identity framework. Have experience with simple membership provider etc.

I want to get a user authenticated by using a special url and a token with it. like : http://www.website.com/urlAuth/

A user get's an email and i want to user to login/authenticate with this url

the token is active for a certain time and has a user account ands some actions attached to it.

I cannot lay my finger on how to get a user authenticated without password. I investigated a impersination scenario (i have a special impersination with authentication info in web.config) but that's not a solid solution i think.

Could some on help me to direct me to a solid solution

Thank you!

Answer 1

You don't need password to authenticate users in Identity. Just you need find relevant user based on token. Consider this simple example:

public ActionResult UrlAuth(string token)
{
    var userManager=HttpContext.GetOwinContext().GetUserManager<ApplicationUserManager>();
    // imaging you have a custom token manager which return userID form token 
    string userID=_tokenManager.GetUserIDByToken(token);
    var user = userManager.FindById(userID);
    if (user != null)
    {
         var ident = userManager.CreateIdentity(user, DefaultAuthenticationTypes.ApplicationCookie);

         HttpContext.GetOwinContext().Authentication.SignIn(new AuthenticationProperties { IsPersistent = false }, ident);
         // authentication succeed do what you want 
         return Redirect("Wherever");
    }
    ModelState.AddModelError("", "Invalid username or password");
    return View();
}