I am implementing reset password functionality on my site by using the in-built UserManager a class that comes with ASP.NET 5.
Everything works fine in my dev environment. However, once I try it in the production site that is running as an Azure website, I get the following exception:
System.Security.Cryptography.CryptographicException: The data protection operation was unsuccessful. This may have been caused by not having the user profile loaded for the current thread's user context, which may be the case when the thread is impersonating.
This is how I set up the UserManager instance:
var provider = new Microsoft.Owin.Security.DataProtection.DpapiDataProtectionProvider(SiteConfig.SiteName);
UserManager.UserTokenProvider = new Microsoft.AspNet.Identity.Owin.DataProtectorTokenProvider<User>(provider.Create(ResetPasswordPurpose));
Then, I generate the token thusly (to be sent to the user in an email so that they can verify that they do indeed want to reset their password):
string token = UserManager.GeneratePasswordResetToken(user.Id);
Unfortunately, when this runs on Azure, I get the exception above.
I've Googled around and found this possible solution.
However, it didn't work at all and I still get the same exception.
According to the link, it has something to do with session tokens not working on a web farm like Azure.