Vulnerability in EPiServer.Forms

Try our conversational search powered by Generative AI!

Change Password Functionality returns Invalid Token


Hi All

I'm trying to implement a Change Password Page, although upon executing userManager.ChangePassword, I am presented with the error Invalid Token. 

Any assistance would be much appreciated 

                var userManager = ServiceLocator.Current.GetInstance();
                var userProvider = ServiceLocator.Current.GetInstance();

                var user = userProvider.GetUser(changePasswordPostbackData.Username); 

                var isValid = userManager.ChangePassword(user, changePasswordPostbackData.OldPassword, changePasswordPostbackData.NewPassword);
2017-11-07 17:45:39,194 [37] ERROR EPiServer.Global: 1.2.5 Unhandled exception in ASP.NET
System.ArgumentException: Invalid token.
   at EPiServer.Cms.UI.AspNetIdentity.ApplicationUIUserManager`1.ChangePassword(IUIUser user, String oldPassword, String newPassword)



Nov 07, 2017 18:56
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.