swapna.anu
Contributor
2658 Points
745 Posts
Reset Password by sending a link in Email to Users
Nov 08, 2012 03:07 PM
Hi All,
We are using the ASP.NET membership provider for our project and are thinking about letting users reset their password the way it is done by Gmail, Yahoo etc., by sending a link.
In detail, when a user forgets his password, on clicking reset the application should send a link to his email address; by clicking on the link the user can enter his new password and log in using his username and new password. This should be done in a very secure way. There should only be one active password reset URL per user account that has requested a reset, and the link should only remain valid for a period of time specified in the web.config file.
Can anyone provide me with a sample page or code which can perform the above functionality?
Thanks in advance.
Amy Peng - M...
Star
9968 Points
952 Posts
Microsoft
Re: Reset Password by sending a link in Email to Users
Nov 09, 2012 08:24 AM
Hi swapna.anu
The following link gives detailed information about how to reset a password by sending a link in email, please try to refer to: http://csharpdotnetfreak.blogspot.com/2012/06/aspnet-forgot-password-email-page-code.html
Regards,
Amy Peng
swapna.anu
Re: Reset Password by sending a link in Email to Users
Nov 09, 2012 11:33 AM
Hi Amy,
Thanks for the link. One thing that's not matching my requirement is that the password should not be sent to the user. Only a new link should be sent, where the user can click on it and specify a new password himself, instead of the system generating a password or sending the old password.
Hope this is clear.
Amy Peng - M...
Re: Reset Password by sending a link in Email to Users
Nov 12, 2012 01:07 AM
Hi swapna.anu
Hope the following links can help you:
http://haditeo.wordpress.com/2009/06/02/asp-net-2-0-membership-resetting-password-without-using-question-and-answer/
http://usingaspdotnet.blogspot.com/2011/07/sending-reset-password-link-for-one.html
Thanks,
Amy Peng
swapna.anu
Re: Reset Password by sending a link in Email to Users
Nov 12, 2012 08:31 AM
Thank you. I will try it and let you know how it goes.
Amy Peng - M...
Re: Reset Password by sending a link in Email to Users
Nov 14, 2012 08:33 AM
Hi swapna.anu,
Any progress? Have you solved your problem now?
Thanks,
Amy Peng
eidand
Member
522 Points
146 Posts
Re: Reset Password by sending a link in Email to Users
Nov 16, 2012 08:28 AM
I don't understand you: if you are not capable of writing a simple password reset process, why not have your company hire a developer who can?
Blindly copying code from someone else raises a lot of issues, mainly security ones.
Bottom line, either learn and test and then pen test the final result or don't even bother as you'll put your users / website at risk.
swapna.anu
Re: Reset Password by sending a link in Email to Users
Nov 20, 2012 07:31 PM
First of all, before writing anything you have to read the question first and it's common sense to study the question correctly and it's none of your bloody business to ask someone why the company hired. Mr. whatever, it's not you or your father who is paying money to work for and if you are such a bloody problem solver, instead of giving negative remarks in this forum try and give a solution and let's see how much you can do it?
Steven Cheng...
Contributor
4187 Points
547 Posts
Microsoft
Moderator
Re: Reset Password by sending a link in Email to Users
Nov 21, 2012 05:21 AM
Hi Guys,
I think it's time for us to continue to focus on the technical question itself :)
@swapna.anu,
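About the "reset password" email link functionality you want to achieve, you can consider the following approach to design it:
Whenever the user chooses to reset the password, your service code generates an email which contains a URL link for the target user (who requested the reset operation) to click.
For the URL link, the most important part is the URL query string it will contain. Generally, you can embed some basic identity information by which you can make sure which account you should do the reset operation against.
Since the URL and query string are sent out via clear-text email, you need to secure them. A simple approach is to use some symmetric encryption method (like 3DES or AES, which is supported by .NET OOB) to encrypt the query string data. For example:
http://[servername]/[servicepath]/resetpwd.aspx?data=[encrypted data in base64format]
Thus, when the user clicks the link, your server page just gets the data in the query string parameter and decrypts it to get the identity info. Then, populate the proper resetting UI for the user.
Since the encryption key is only kept at server-side (and the client user does not need to know details about the query string data), it is quite safe for the data to be embedded in the URL link.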
Hope this helps some.
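One way to combine the encrypted query string described above with the thread's requirements (a single active link per user, lifetime read from web.config), as an added example that is not code from any poster. It assumes .NET 4.5, where `MachineKey.Protect` both encrypts and signs with the server-side machine key; the `ResetLink` class, its in-memory store and the `ResetLinkMinutes` setting are hypothetical names.

```csharp
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.Configuration;
using System.Security.Cryptography;
using System.Text;
using System.Web;
using System.Web.Security;

public static class ResetLink
{
    // Hypothetical store (user name -> id of the single valid link). Held in
    // memory for the example; a real site would use a database column.
    static readonly ConcurrentDictionary<string, string> Active =
        new ConcurrentDictionary<string, string>(StringComparer.OrdinalIgnoreCase);
    static readonly string[] Purpose = { "PasswordResetLink" };

    public static string Create(string userName)
    {
        // "ResetLinkMinutes" is an assumed appSettings key in web.config.
        int minutes = int.Parse(ConfigurationManager.AppSettings["ResetLinkMinutes"] ?? "30");
        string linkId = Guid.NewGuid().ToString("N"); // travels only inside the sealed payload
        Active[userName] = linkId; // issuing a new link invalidates the previous one
        byte[] plain = Encoding.UTF8.GetBytes(
            linkId + "|" + DateTime.UtcNow.AddMinutes(minutes).Ticks + "|" + userName);
        // Encrypt and sign, then encode for safe use in a query string.
        return "resetpwd.aspx?data=" + HttpServerUtility.UrlTokenEncode(MachineKey.Protect(plain, Purpose));
    }

    // Returns the user name if the link is authentic, unexpired and still active, else null.
    // Use consume=false to show the form (GET), consume=true when the new password is posted.
    public static string Validate(string data, bool consume)
    {
        if (string.IsNullOrEmpty(data)) return null;
        string[] p;
        try
        {
            byte[] raw = HttpServerUtility.UrlTokenDecode(data);
            if (raw == null || raw.Length == 0) return null;
            p = Encoding.UTF8.GetString(MachineKey.Unprotect(raw, Purpose)).Split(new[] { '|' }, 3);
        }
        catch (FormatException) { return null; }        // not valid URL-token base64
        catch (CryptographicException) { return null; } // tampered or foreign data
        if (p.Length != 3 || DateTime.UtcNow.Ticks > long.Parse(p[1])) return null;
        var entry = new KeyValuePair<string, string>(p[2], p[0]);
        // On ConcurrentDictionary this Remove is atomic and succeeds only if key AND value match.
        var set = (ICollection<KeyValuePair<string, string>>)Active;
        return (consume ? set.Remove(entry) : set.Contains(entry)) ? p[2] : null;
    }
}
```

Consuming the link only on the POST keeps a mail scanner that prefetches the URL from burning it. In a web farm every server needs the same `machineKey` configuration, otherwise a link issued by one node fails validation on another.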
swapna.anu
Re: Reset Password by sending a link in Email to Users
Nov 21, 2012 09:29 AM
Hi Steven,
I thought forums are all about helping and sharing different thoughts and providing knowledge on something that someone is not aware of regarding ASP.NET, but realised some people can also take advantage of writing whatever they want. I would recommend that no one should encourage this kind of comment. That's the only reason I replied in a way I never did to anyone in this forum from the time I joined.
Thanks for providing your thoughts on the way I can implement this securely. I need some time to start working on this and will definitely let you know how it goes and ask you if I need more information on anything.
Thanks,
Swapna