I currently run a MVC2 website using the default Membership provider. Everything works great, but now I find the needs for forgot password functionality.
After some googling the only good implementations I can find are based around having using the machine key for security or the question and answer functionality.
The problems with those implementations is I already have a rather large userbase. I cannot swap my passwords to machine key now as I am using a hash system already. I do not want to inconvenience my current users by forcing them all to change their passwords,
plus this system is working well.
I also do not want to force existing users to add a question and answer after the fact. Question and answer is also less ideal as if they forget that info as well they are out of luck.
My ideal implementation is a user would click forgot password, enter their username or email(ideally email). They would then receive an email with a new randomized password they are told to change, or a link with a token that lets them reset the password
once clicking it.
Are there any good guides out there for doing this quickly? Everything I can find either relates to using a machine key method or question and answer. I'm quite surprised I couldn't find anything as this is very common web functionality. I was surprised
it's not even a part of the default membership provider that MVC comes with. Having a login and reg system without this is just odd.
So any help would be appreciated. I could roll this on my own, but it just feels like someone would have done this already in a secure way since it's so common the web. I'd like to save the time if possible, and be sure it's secure.
If you need any more info please let me know. Thanks! :)
"And whoever is removed away from the Fire and admitted to Paradise, he indeed is successful." (The Holy Quran)
Excellent Windows VPS Hosting Imran Baloch MVP, MVB, MCP, MCTS, MCPD
DMcCrone
Member
2 Points
2 Posts
Reset/Forgot password functionality in MVC 2 with hash in default asp.net membership provider
Feb 10, 2012 09:05 PM|LINK
I currently run a MVC2 website using the default Membership provider. Everything works great, but now I find the needs for forgot password functionality.
After some googling the only good implementations I can find are based around having using the machine key for security or the question and answer functionality.
The problems with those implementations is I already have a rather large userbase. I cannot swap my passwords to machine key now as I am using a hash system already. I do not want to inconvenience my current users by forcing them all to change their passwords, plus this system is working well.
I also do not want to force existing users to add a question and answer after the fact. Question and answer is also less ideal as if they forget that info as well they are out of luck.
My ideal implementation is a user would click forgot password, enter their username or email(ideally email). They would then receive an email with a new randomized password they are told to change, or a link with a token that lets them reset the password once clicking it.
Are there any good guides out there for doing this quickly? Everything I can find either relates to using a machine key method or question and answer. I'm quite surprised I couldn't find anything as this is very common web functionality. I was surprised it's not even a part of the default membership provider that MVC comes with. Having a login and reg system without this is just odd.
So any help would be appreciated. I could roll this on my own, but it just feels like someone would have done this already in a secure way since it's so common the web. I'd like to save the time if possible, and be sure it's secure.
If you need any more info please let me know. Thanks! :)
mvc asp.net password
imran_ku07
All-Star
45815 Points
7698 Posts
MVP
Re: Reset/Forgot password functionality in MVC 2 with hash in default asp.net membership provider
Feb 11, 2012 02:47 AM|LINK
http://stackoverflow.com/questions/287320/how-do-you-change-a-hashed-password-using-asp-net-membership-provider-if-you-don
Excellent Windows VPS Hosting
Imran Baloch MVP, MVB, MCP, MCTS, MCPD
DMcCrone
Member
2 Points
2 Posts
Re: Reset/Forgot password functionality in MVC 2 with hash in default asp.net membership provider
Feb 13, 2012 04:59 PM|LINK
I was hoping for more of a guide as it just seems like this should be done and available. I'm still shocked MS didn't include it.
Thanks though, that will be a good stating point if I roll my own. :)
I'll leave this open for a bit to see if anyone else replies, otherwise I'll give you the answer.
IT.Kai
Member
4 Points
3 Posts
Re: Reset/Forgot password functionality in MVC 2 with hash in default asp.net membership provider
Dec 25, 2012 09:25 AM|LINK
I have similar problem with this. is this problem is already solved? glad you can help me with this. thanks