See more: ASP.NET
I have used the Web Site Administration Tool in ASP.NET to make a user. My question is: if a user forgets the password and wants to get it back through email, how can I implement this using Gmail?
Posted 25-Oct-11 6:13am

1 solution


Solution 1

In general it's considered bad form to store the password in plaintext or in 2-way encrypted format. If a user forgets his password he should be sent a link to reset his password. His password should not be stored in a manner where it can be extracted nor should it under any circumstances be sent via plain text email.
Comments
SAKryukov at 25-Oct-11 12:48pm
   
True, my 5. It leaves for explanation how password reset mechanism can work safely.
--SA
Nishant Sivakumar at 25-Oct-11 14:36pm
   
Thanks SA.
Tech Code Freak at 25-Oct-11 14:10pm
   
In what form must we store the password in the database?
Should we encrypt it before storing too?
Nishant Sivakumar at 25-Oct-11 14:36pm
   
Should not be stored at all except as a hash of some form.
Tech Code Freak at 26-Oct-11 2:34am
   
Thanks for the info! My 5up!
Tech Code Freak at 26-Oct-11 12:08pm
   
OK, I understood. But as hashing is one way, how to authenticate (verify) the password entered by the user with that in the database (hashed value)? Please help! I'm a little confused.
Nishant Sivakumar at 26-Oct-11 12:25pm
   
Password verification is done by hash comparison.
Tech Code Freak at 26-Oct-11 12:55pm
   
Does it mean that while registration, the user's password is hashed and stored in the database.
And then, when he wants to login and enters username and password, this entered password is sent to web server, hashed and this hash is compared with the hash stored in the database.
Is this right?
Nishant Sivakumar at 26-Oct-11 12:56pm
   
Yes, that's exactly how most common password implementations work.
Tech Code Freak at 27-Oct-11 4:37am
   
Okay, I understood. Thank You so much for all the help & info!
Which hashing technique is the best one you can recommend for such a task?
Mousumi2708 at 28-Oct-11 11:39am
   
Thank you, Sir. But my question is how can I use the Password Recovery control in ASP.NET? This control needs a mail ID to send the password. If I want to use Gmail.com as a sender, then what is the solution?
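
The hash-at-registration, compare-at-login flow from the comments above, together with the reset link the solution recommends, as an added example that is not part of the original thread and is not ASP.NET Membership or PasswordRecovery control code. It assumes .NET 6 or later; the type names, the choice of salted PBKDF2, the iteration count and the 30-minute link lifetime are all assumptions of this example.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Constructed sample run: register, log in, then redeem one reset link twice.
var (demoSalt, demoHash) = PasswordStore.HashPassword("old-passphrase");
Console.WriteLine(PasswordStore.Verify("old-passphrase", demoSalt, demoHash));
Console.WriteLine(PasswordStore.Verify("wrong-guess", demoSalt, demoHash));
var (link, reset) = ResetTicket.Issue(TimeSpan.FromMinutes(30));
Console.WriteLine(reset.Redeem(link)); // first use of the link
Console.WriteLine(reset.Redeem(link)); // replay of the same link

// Hypothetical helper types (not ASP.NET Membership APIs); assumes .NET 6 or later.
public static class PasswordStore
{
    const int SaltSize = 16, KeySize = 32, Iterations = 600_000; // example parameters
    // Registration or reset: keep only salt + derived hash, never the password.
    public static (byte[] Salt, byte[] Hash) HashPassword(string password)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltSize);
        return (salt, Derive(password, salt));
    }
    // Login: re-derive from the submitted password and compare in constant time.
    public static bool Verify(string password, byte[] salt, byte[] storedHash) =>
        CryptographicOperations.FixedTimeEquals(Derive(password, salt), storedHash);
    static byte[] Derive(string password, byte[] salt) =>
        Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations, HashAlgorithmName.SHA256, KeySize);
}

public sealed class ResetTicket
{
    public byte[] TokenHash = Array.Empty<byte>();
    public DateTime ExpiresUtc; public bool Used;
    // Returns the raw token for the e-mailed link; the server stores only its hash.
    public static (string Token, ResetTicket Ticket) Issue(TimeSpan lifetime)
    {
        string token = Convert.ToHexString(RandomNumberGenerator.GetBytes(32));
        return (token, new ResetTicket { TokenHash = Sha(token), ExpiresUtc = DateTime.UtcNow + lifetime });
    }
    // Called when the link is followed: rejects expired, replayed or unknown tokens.
    public bool Redeem(string presented)
    {
        if (Used || DateTime.UtcNow > ExpiresUtc) return false;
        if (!CryptographicOperations.FixedTimeEquals(Sha(presented), TokenHash)) return false;
        Used = true;
        return true;
    }
    static byte[] Sha(string s) => SHA256.HashData(Encoding.UTF8.GetBytes(s));
}
```

After a successful `Redeem`, the new password goes through `HashPassword` again, so the e-mail only ever carries the one-time token and never a password.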

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



Last Updated 25 Oct 2011
Copyright © CodeProject, 1999-2014