Click here to Skip to main content
12,402,211 members (44,170 online)
Rate this:
 
Please Sign up or sign in to vote.
See more: ASP.NET
Hi All,

Note: 'I am not using Membership.

On the login page I would like to place a Forgot Password link. So when the User clicks on the link Email Address and Username will be entered which will be verified in the database.

Then a link is send to the User for the ChangePassword.aspx which will expire in one day.

How to Create this link which is secure.

Thanks & Regards,
Prathap.
Posted 9-Oct-12 9:35am
Comments
Nelek 9-Oct-12 15:50pm
   

1 solution

Rate this: bad
 
good
Please Sign up or sign in to vote.

Solution 2

HELLO
//Create Connection String And SQL Statement

       string strConnection = ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString;
 
     string strSelect = "SELECT UserName,Password FROM Users WHERE Email = @Email";
 

 
       SqlConnection connection = new SqlConnection(strConnection);
 
       SqlCommand command = new SqlCommand();
 
       command.Connection = connection;
       command.CommandType = CommandType.Text;
 
       command.CommandText = strSelect;
 

 
     SqlParameter email = new SqlParameter("@Email", SqlDbType.VarChar, 50);
 
       email.Value = txtEmail.Text.Trim().ToString();
 
       command.Parameters.Add(email);
 

 
       //Create Dataset to store results and DataAdapter to fill Dataset

       DataSet dsPwd = new DataSet();
 
       SqlDataAdapter dAdapter = new SqlDataAdapter(command);
 
       connection.Open();
 
       dAdapter.Fill(dsPwd);
 
       connection.Close();
 
       if(dsPwd.Tables[0].Rows.Count > 0 )
 
       {
 
           MailMessage loginInfo = new MailMessage();
 
           loginInfo.To.Add(txtEmail.Text.ToString());
 
           loginInfo.From = new MailAddress("YourID@gmail.com");
 
           loginInfo.Subject = "Forgot Password Information";
 

 
           loginInfo.Body = "Username: " + dsPwd.Tables[0].Rows[0]["UserName"] + "<br><br>Password: " + dsPwd.Tables[0].Rows[0]["Password"] + "<br><br>";
 
         loginInfo.IsBodyHtml = true;
 
           SmtpClient smtp = new SmtpClient();
 
           smtp.Host = "smtp.gmail.com";
 
           smtp.Port = 587;
 
           smtp.EnableSsl = true;
 
           smtp.Credentials = new System.Net.NetworkCredential("YourGmailID@gmail.com", "YourGmailPassword");
 
           smtp.Send(loginInfo);
 
           lblMessage.Text = "Password is sent to you email id,you can now <a href="Login.aspx">Login</a>";
 
       }
 
       else
 
       {
 
           lblMessage.Text = "Email Address Not Registered";
 
       }
 

 
   }

OR YOU CAN SEND RESET PASSWORD LINK AND YOU CAN IMPLIMENT YOUR OWN LOGIC TO EXPIRE THE LONK.
  Permalink  
Comments
Marcus Kramer 9-Oct-12 19:10pm
   
My vote of 1. I'm sorry, but this is absolutely dreadful and that is where you start by storing a plain text password. Where is the security.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month


Advertise | Privacy | Mobile
Web01 | 2.8.160721.1 | Last Updated 9 Oct 2012
Copyright © CodeProject, 1999-2016
All Rights Reserved. Terms of Service
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100