brockallen / BrockAllen.MembershipReboot

MembershipReboot is a user identity management and authentication library.

Confirm account email and then change password #572

Closed kylegalbraith closed 8 years ago

kylegalbraith commented 8 years ago

I want to validate the key within the url of the confirm email. My question is whether or not the key in this url /UserAccount/ChangeEmail/Confirm/XXXX_key_XXXX is the VerificationKey stashed in MembershipReboot. So if I send the user to my own url with this key tacked on the end can I then make an API request that passes along this key and call

userActSvc.VerifyEmailFromKey()

Essentially, is the key in the url used to confirm that account? I would then want to have the user provide a password for the account and update that via the API as well. However, I want to make sure that the key in the url is the right one to confirm the account with.

brockallen commented 8 years ago

MR stores a hash of the key. So when you're looking up the account you need to also hash the incoming key (which MR does internally when using the various APIs to find an account by key). If these return a non-null account, then it's valid.
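The lookup described above, sketched as an added example (not MembershipReboot's code and not from this thread): only a hash of the key is stored, and the key arriving in the URL is hashed before it is compared. SHA-256, the in-memory `ACCOUNTS` store, the function names, and the expiry and single-use rules are assumptions of this sketch.

```python
import hashlib
import hmac
import secrets
import time

# Constructed in-memory store; a real application would use its account database.
ACCOUNTS = {}

# Assumed lifetime for this sketch, not a MembershipReboot setting.
KEY_LIFETIME_SECONDS = 20 * 60


def hash_key(key):
    """Hash a verification key for storage and lookup (SHA-256 is an assumption)."""
    return hashlib.sha256(key.encode("utf-8")).hexdigest()


def issue_verification_key(email, now=None):
    """Store only the hash; return the plaintext key that goes into the emailed URL."""
    key = secrets.token_urlsafe(32)
    ACCOUNTS[email] = {
        "key_hash": hash_key(key),
        "key_sent": time.time() if now is None else now,
        "verified": False,
    }
    return key


def find_account_by_key(key, now=None):
    """Hash the incoming key and return the matching email, or None if invalid/expired."""
    now = time.time() if now is None else now
    incoming = hash_key(key)
    for email, acct in ACCOUNTS.items():
        stored = acct["key_hash"]
        # Constant-time comparison of the two hex digests.
        if stored and hmac.compare_digest(stored, incoming):
            if now - acct["key_sent"] > KEY_LIFETIME_SECONDS:
                return None
            return email
    return None


def confirm_email(key, now=None):
    """Mark the account verified and clear the stored hash so the key is single use."""
    email = find_account_by_key(key, now)
    if email is None:
        return False
    ACCOUNTS[email]["verified"] = True
    ACCOUNTS[email]["key_hash"] = None
    return True
```

Because the store holds only the hash, a leaked account table does not yield usable confirmation links.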

kylegalbraith commented 8 years ago

When a reset password is initiated will an email be sent as well with a similar token on the end of the url?

brockallen commented 8 years ago

yes

kylegalbraith commented 8 years ago

Thanks for the quick response @brockallen. I think I got enough to run with for now.