In this article I discuss how to implement forgot password in ASP.NET Core Identity Web API. In my previous article I discussed how to change a password in ASP.NET Core Identity Web API. To implement forgot password in ASP.NET Core Identity, the user must have a confirmed email address, so that the reset password link can be sent to that address; by clicking the link, the user is able to reset the password.

How to Implement Forgot Password in ASP.NET Core Identity

To implement forgot password in ASP.NET Core Identity, first create a login page that contains a forgot password link or button, like this:

Forgot Password in Asp.net Core Identity Web API-1

When you click Forgot Password, a new page opens and asks for the email address to which the reset password link will be sent.

Forgot Password in Asp.net Core Identity Web API-2

After filling in the email, click the Send button. The email is then sent to your email address. Until the user checks the email, you can show the page below so the user knows what to do next.

Forgot Password in Asp.net Core Identity Web API-3

Send Reset Password Link

When you click the Send button, the frontend calls a backend method that sends the forgot password email. So let's create the SendForgotPasswordEmail method in our backend to send the reset password link. For sending email we use the email service created in an earlier article.

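// Requires: using System; using System.Threading.Tasks;
public async Task SendForgotPasswordEmail(string email, Users user)
{
    // Generate the password reset token for this user.
    var token = await _userManager.GeneratePasswordResetTokenAsync(user);

    // URL-encode both values: the token can contain '+', '/' and '=', and an
    // unencoded '+' is read back as a space when the query string is parsed.
    var passwordResetLink = "http://localhost:3000/reset-password" +
        $"?Email={Uri.EscapeDataString(email)}&Token={Uri.EscapeDataString(token)}";

    await _emailService.SendEmailAsync(email, "Reset Your Password",
        $"Reset your password by <a href='{passwordResetLink}'>clicking here</a>.", true);
}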

The method _userManager.GeneratePasswordResetTokenAsync(user) generates the reset password token; it takes one parameter of type IdentityUser. After generating the token, I build the frontend link to which the user is redirected on clicking it. This link carries the email and the token as query parameters, so you can read them in the frontend using URLSearchParams or searchParams. Finally, we send the email to the given address.
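A sketch of the endpoint that calls SendForgotPasswordEmail, added here as an example and not taken from the original article. It applies the confirmed-email requirement stated in the introduction and returns the same response whether or not the address is registered. The controller, route, request model and IPasswordResetMailer interface are hypothetical names; Users stands in for the article's user entity.

```csharp
using System.ComponentModel.DataAnnotations;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;

// Hypothetical stand-ins so the sample compiles on its own; the article's
// Users entity and the service exposing SendForgotPasswordEmail play these roles.
public class Users : IdentityUser { }

public interface IPasswordResetMailer
{
    Task SendForgotPasswordEmail(string email, Users user);
}

public class ForgotPasswordRequest
{
    [Required, EmailAddress]
    public string Email { get; set; } = string.Empty;
}

[ApiController]
[Route("api/account")]
public class ForgotPasswordController : ControllerBase
{
    private readonly UserManager<Users> _userManager;
    private readonly IPasswordResetMailer _mailer;

    public ForgotPasswordController(UserManager<Users> userManager, IPasswordResetMailer mailer)
    {
        _userManager = userManager;
        _mailer = mailer;
    }

    [HttpPost("forgot-password")]
    public async Task<IActionResult> ForgotPassword([FromBody] ForgotPasswordRequest request)
    {
        var user = await _userManager.FindByEmailAsync(request.Email);

        // Mail a reset link only to an existing account with a confirmed address.
        if (user != null && await _userManager.IsEmailConfirmedAsync(user))
        {
            // Prefer the address stored on the account over the request value.
            await _mailer.SendForgotPasswordEmail(user.Email ?? request.Email, user);
        }

        // Same status and body in every case, so the response does not show
        // whether the address is registered or confirmed.
        return Ok(new { message = "If the address is registered, a reset link has been sent." });
    }
}
```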

Reset Your Password

Once the email is sent and you click the link in it, you are redirected to the URL http://localhost:3000/reset-password?Email={email}&Token={token}. This page asks for your new password.

Forgot Password in Asp.net Core Identity Web API-4

You can also add a confirm password field, but it is not required. After filling in your new password and confirm password, you have to call another method, which takes the following parameters.

public class ResetPasswordRequestViewModel
{
    public string Email { get; set; }
    public string Token { get; set; }
    public string Password { get; set; }
    public string ConfirmPassword { get; set; }
}

When all the fields are filled in, click the Reset Password button. Clicking the button calls the ResetPassword method, so let's create it.

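public async Task<bool> ResetPassword(ResetPasswordRequestViewModel model)
{
    // Reject incomplete requests before touching the user store.
    if (string.IsNullOrEmpty(model.Email) || string.IsNullOrEmpty(model.Token))
    {
        return false;
    }

    var user = await _userManager.FindByEmailAsync(model.Email);
    if (user == null)
    {
        // Unknown email: ResetPasswordAsync would throw on a null user.
        return false;
    }

    // A '+' in the query string arrives as a space; restore it.
    model.Token = model.Token.Replace(" ", "+");

    var result = await _userManager.ResetPasswordAsync(user, model.Token, model.Password);
    return result.Succeeded;
}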

In the above method we first get the user by email and then replace white space with the ‘+’ symbol. When the value is read from the query parameter, the ‘+’ symbol is treated as white space, so we manually replace the white space with ‘+’ in our backend code. After replacing, we call this method

_userManager.ResetPasswordAsync(user, model.Token, model.Password);

which is used to reset the password. When it succeeds, the method returns true and the password has been reset. You can then show a success message to the user, something like the one given below:

Forgot Password in Asp.net Core Identity Web API-5
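The ‘+’ handling described above, shown end to end as an added example that is not part of the original article. It compares a link built by plain interpolation with one whose values are percent-encoded; HttpUtility.ParseQueryString stands in for the query parsing (URLSearchParams applies the same ‘+’-to-space rule), and the token and email are constructed sample values.

```csharp
using System;
using System.Web; // HttpUtility (System.Web.HttpUtility assembly on .NET Core / .NET 5+)

public static class ResetLinkDemo
{
    const string Page = "http://localhost:3000/reset-password";

    // Link built by plain interpolation, with no encoding.
    public static string RawLink(string email, string token) =>
        $"{Page}?Email={email}&Token={token}";

    // Link with both values percent-encoded.
    public static string EncodedLink(string email, string token) =>
        $"{Page}?Email={Uri.EscapeDataString(email)}&Token={Uri.EscapeDataString(token)}";

    // Reads one parameter back with form-style decoding, where '+' means space.
    public static string Read(string link, string name) =>
        HttpUtility.ParseQueryString(new Uri(link).Query)[name] ?? string.Empty;

    public static void Main()
    {
        // Constructed sample values: the token only imitates the Base64 shape
        // of an Identity token, and the address uses a '+' tag.
        const string token = "CfDJ8K+x/2Zq+9aB1w==";
        const string email = "user+tag@example.com";

        foreach (var (label, link) in new[]
        {
            ("raw", RawLink(email, token)),
            ("encoded", EncodedLink(email, token)),
        })
        {
            var gotToken = Read(link, "Token");
            var gotEmail = Read(link, "Email");
            Console.WriteLine($"{label,-8} token intact: {gotToken == token}, email intact: {gotEmail == email}");

            // The backend workaround repairs the token only; an email with '+'
            // in a raw link still reaches FindByEmailAsync with a space in it.
            var repaired = gotToken.Replace(" ", "+");
            Console.WriteLine($"{label,-8} token after Replace: {repaired == token}");
        }
    }
}
```

With percent-encoded values the Replace call is a no-op, because a Base64 token never contains a space.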

Conclusion

In this article we discussed how to implement forgot password in ASP.NET Core Identity Web API. So far we have covered several ASP.NET Core Identity features: email confirmation, change password and now forgot password. Try implementing this on your own for a better understanding.