Last post Aug 20, 2015 03:06 AM by Nan Yu
Aug 19, 2015 06:59 AM|Wael Asfour|LINK
Aug 19, 2015 03:34 PM|DeadTroll|LINK
I would first ask if you are also storing the users email address? If so I would send an email to that address instead of "secret code" (really a secondary password that might be even easier to hack) and in that email it contains a link back to your site.
The link also has a query string with guid in it. The page that this link goes to checks that guid against a table and a checks the valid date time. So that the link is only good for an hour or so. If the guid checks out and is still valid then shows them
the password reset textboxes, if not tells them not a valid link.
Aug 20, 2015 03:06 AM|Nan Yu|LINK
Hi Wael Asfour,
As i suggested before , if you are using Asp.net Identity ,On
UserManager , you could try to first call
GeneratePasswordResetTokenAsync. Once the user has verified his identity (for example by receiving the token in an email), pass the token to
ResetPasswordAsync. You could refer to links for details and demo:
And also refer to links below for more information: