Click here to Skip to main content
Rate this: bad
good
Please Sign up or sign in to vote.
See more: ASP.NET
Hi All,
 
Note: 'I am not using Membership.
 
On the login page I would like to place a Forgot Password link. So when the User clicks on the link Email Address and Username will be entered which will be verified in the database.
 
Then a link is send to the User for the ChangePassword.aspx which will expire in one day.
 
How to Create this link which is secure.
 
Thanks & Regards,
Prathap.
Posted 9-Oct-12 10:35am
Comments
Nelek at 9-Oct-12 15:50pm
   

1 solution

Rate this: bad
good
Please Sign up or sign in to vote.

Solution 2

HELLO
 //Create Connection String And SQL Statement
 
        string strConnection = ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString;
 
      string strSelect = "SELECT UserName,Password FROM Users WHERE Email = @Email";
 
 
 
        SqlConnection connection = new SqlConnection(strConnection);
 
        SqlCommand command = new SqlCommand();
 
        command.Connection = connection;
        command.CommandType = CommandType.Text;
 
        command.CommandText = strSelect;
 
 
 
      SqlParameter email = new SqlParameter("@Email", SqlDbType.VarChar, 50);
 
        email.Value = txtEmail.Text.Trim().ToString();
 
        command.Parameters.Add(email);
 
 
 
        //Create Dataset to store results and DataAdapter to fill Dataset 
 
        DataSet dsPwd = new DataSet();
 
        SqlDataAdapter dAdapter = new SqlDataAdapter(command);
 
        connection.Open();
 
        dAdapter.Fill(dsPwd);
 
        connection.Close();
 
        if(dsPwd.Tables[0].Rows.Count > 0 )
 
        {
 
            MailMessage loginInfo = new MailMessage();
 
            loginInfo.To.Add(txtEmail.Text.ToString());
 
            loginInfo.From = new MailAddress("YourID@gmail.com");
 
            loginInfo.Subject = "Forgot Password Information";
 
 
 
            loginInfo.Body = "Username: " + dsPwd.Tables[0].Rows[0]["UserName"] + "<br><br>Password: " + dsPwd.Tables[0].Rows[0]["Password"] + "<br><br>";
 
          loginInfo.IsBodyHtml = true;
 
            SmtpClient smtp = new SmtpClient();
 
            smtp.Host = "smtp.gmail.com"; 
 
            smtp.Port = 587;
 
            smtp.EnableSsl = true;
 
            smtp.Credentials = new System.Net.NetworkCredential("YourGmailID@gmail.com", "YourGmailPassword");
 
            smtp.Send(loginInfo);
 
            lblMessage.Text = "Password is sent to you email id,you can now <a href="Login.aspx">Login</a>";
 
        }
 
        else
 
        {
 
            lblMessage.Text = "Email Address Not Registered";
 
        }
 
 
 
    }
 
OR YOU CAN SEND RESET PASSWORD LINK AND YOU CAN IMPLIMENT YOUR OWN LOGIC TO EXPIRE THE LONK.
  Permalink  
Comments
Marcus Kramer at 9-Oct-12 19:10pm
   
My vote of 1. I'm sorry, but this is absolutely dreadful and that is where you start by storing a plain text password. Where is the security.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
0 BillWoodruff 330
1 Mathew Soji 309
2 Maciej Los 295
3 DamithSL 225
4 Afzaal Ahmad Zeeshan 217
0 OriginalGriff 6,369
1 Sergey Alexandrovich Kryukov 5,973
2 DamithSL 5,183
3 Manas Bhardwaj 4,673
4 Maciej Los 4,025


Advertise | Privacy | Mobile
Web02 | 2.8.1411019.1 | Last Updated 9 Oct 2012
Copyright © CodeProject, 1999-2014
All Rights Reserved. Terms of Service
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100