I've set up OWIN in an ASP.NET MVC app (including email confirmation). When an account is created I get an email containing a link to confirm my email. When I visit the link, I get the "Invalid Token" error.
If I take that exact same link and instead change the domain to point at localhost while debugging the project, the email confirms just fine.
The project is being deployed to an Azure Web Site (which I can't remote debug). I've tossed in some code to email me when confirmation fails (so that I can see the userId and code it was trying to confirm with) and I've verified that the code it's attempting to verify with in Azure is the same as the code that's generated for that user. It doesn't appear to be any encoding problems or anything like that.
I've Googled a bazillion things and come up empty. And since I can't remote debug the problem where it's happening (in the Azure Web Site) I'm pretty much out of ideas.
What could be going wrong here?
OK, here are a couple of things to try.
If you have a different domain generates the cookie than does the confirmation, you need to share a machine key between then.
If you are using DpapiDataProtectionProvider() as your provider, you may have a problem in that your app pool name is unknown to you. You have to configure it differently at startup and then use the app pool name that gets set in your options .. somehow! I didnt have to do that because I am using aws and could just set the app pool name. You also have to set the app pool's LoadUserProfile setting to true.
Hope that helps!