4

in my web application i use asp.net identity for managing users this is my register method for registering users

 [AllowAnonymous] public async Task<IHttpActionResult> Register(UserRegisterJson userRegisterJson) { IUserManagement userManagement = new UserManagement(); var user = userManagement.GetUserFromJson(userRegisterJson); var identityResult = await UserManager.CreateAsync(user, userRegisterJson.Password); if (!identityResult.Succeeded) { //return error }else{ return Ok(true); } }

i send user info as json format in request body the problem is when user email equals "example" or "example@example." or "example@exam ple.com"

identityResult.Succeeded return false

but when user email equals "example@example"

identityResult.Succeeded return true.

my question is why email equals "example@example"

identityResult.Succeeded return true?

Improve this question
7
  • How are you validating the user email. Commented Apr 26, 2016 at 12:23
  • i have a class in my project it have a static method receive Identity Result as parameter and then return error if identityResult.Succeeded return false, but identityResult.Succeeded return true if email equals "example@example" Commented Apr 26, 2016 at 12:33
  • How are you validating the user email before creating user. client side? server side? Do you have any validation attributes on your model UserRegisterJson ? None of this can be extracted from your question so there isn't much to go on to help you. Commented Apr 26, 2016 at 12:36
  • i have no validation for user email both client side and server side before creating user,Although validating email in client side is good approach,if asp.net identity can validate email in several state why it can't validate an email such as "example@example"? Commented Apr 26, 2016 at 12:48
  • What version of Identity are you using Commented Apr 26, 2016 at 13:02

1 Answer 1

Reset to default
1

Looking at the source code of UserValidator for that verison (v2.2.1), the following method was being called in side of the UserManager.CreateAsync.

// make sure email is not empty, valid, and unique private async Task ValidateEmailAsync(TUser user, List<string> errors) { var email = await Manager.GetEmailStore().GetEmailAsync(user).WithCurrentCulture(); if (string.IsNullOrWhiteSpace(email)) { errors.Add(String.Format(CultureInfo.CurrentCulture, Resources.PropertyTooShort, "Email")); return; } try { var m = new MailAddress(email); } catch (FormatException) { errors.Add(String.Format(CultureInfo.CurrentCulture, Resources.InvalidEmail, email)); return; } var owner = await Manager.FindByEmailAsync(email).WithCurrentCulture(); if (owner != null && !EqualityComparer<TKey>.Default.Equals(owner.Id, user.Id)) { errors.Add(String.Format(CultureInfo.CurrentCulture, Resources.DuplicateEmail, email)); } }

As you can see it is trying to create a MailAddress object using the email address provided. If the address is not in a valid format it should fail.

Given what ever format they used I created a unit test to verify the examples you provided. 

[DataDrivenTestMethod] [DataRow("example")] [DataRow("example@example.")] [DataRow("example@exam ple.com")] [DataRow("example@example")] public void ValidateEmailAddress(string email) { var m = new System.Net.Mail.MailAddress(email); Assert.IsNotNull(m); }

The following results were returned

Result Message: Assert.IsTrue failed. DataRow: email: example Summary: Exception has been thrown by the target of an invocation. DataRow: email: example@exam ple.com Summary: Exception has been thrown by the target of an invocation.

example and example@exam ple.com are not considered valid email address according to their logic.

I would suggest you try to perform you own email validation on the model before creating a new user

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.