Software Blog


ASP.NET Identity 2.0 Security Stamp

I'm currently working through a complete Identity setup without using Entity framework. This is taking me to difficult places as the source for this library is yet to be released. It involves lots of reading and guessing. One area of confusion is the Security Stamp.

You can read about the description over at stack overflow

This is the best I found, but it still wasn't enough for the full blown, non EF version.

I wanted a reset password functionality, but of course wanted to use the UserManager.GeneratePasswordResetToken for tokens in the email that would be sent.

That required me to have

UserTokenProvider = new EmailTokenProvider<Account,string>()

On my UserManager, which then required me to implement, IUserSecurityStampStore on my AccountStore (this is where all of the Object to Sql contact happens)

But I kept getting the error.

String reference not set to an instance of a String. Parameter name: s

Turns out when the accounts were being created in the db, I was defaulting SecurityStamp to null. As you can read in this comment here [] you need to set the security stamp to anything but null, and then the magic happens.

If I can get this entire thing working I might push it out for the world, would anybody be interested?

Feedback? Better Idea? General Comment?