Click here to Skip to main content
11,704,044 members (67,731 online)
Rate this: bad
good
Please Sign up or sign in to vote.
See more: ASP.NET
Hi All,

Note: 'I am not using Membership.

On the login page I would like to place a Forgot Password link. So when the User clicks on the link Email Address and Username will be entered which will be verified in the database.

Then a link is send to the User for the ChangePassword.aspx which will expire in one day.

How to Create this link which is secure.

Thanks & Regards,
Prathap.
Posted 9-Oct-12 9:35am
Comments
Nelek at 9-Oct-12 15:50pm
   

1 solution

Rate this: bad
good
Please Sign up or sign in to vote.

Solution 2

HELLO
//Create Connection String And SQL Statement

       string strConnection = ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString;
 
     string strSelect = "SELECT UserName,Password FROM Users WHERE Email = @Email";
 

 
       SqlConnection connection = new SqlConnection(strConnection);
 
       SqlCommand command = new SqlCommand();
 
       command.Connection = connection;
       command.CommandType = CommandType.Text;
 
       command.CommandText = strSelect;
 

 
     SqlParameter email = new SqlParameter("@Email", SqlDbType.VarChar, 50);
 
       email.Value = txtEmail.Text.Trim().ToString();
 
       command.Parameters.Add(email);
 

 
       //Create Dataset to store results and DataAdapter to fill Dataset

       DataSet dsPwd = new DataSet();
 
       SqlDataAdapter dAdapter = new SqlDataAdapter(command);
 
       connection.Open();
 
       dAdapter.Fill(dsPwd);
 
       connection.Close();
 
       if(dsPwd.Tables[0].Rows.Count > 0 )
 
       {
 
           MailMessage loginInfo = new MailMessage();
 
           loginInfo.To.Add(txtEmail.Text.ToString());
 
           loginInfo.From = new MailAddress("YourID@gmail.com");
 
           loginInfo.Subject = "Forgot Password Information";
 

 
           loginInfo.Body = "Username: " + dsPwd.Tables[0].Rows[0]["UserName"] + "<br><br>Password: " + dsPwd.Tables[0].Rows[0]["Password"] + "<br><br>";
 
         loginInfo.IsBodyHtml = true;
 
           SmtpClient smtp = new SmtpClient();
 
           smtp.Host = "smtp.gmail.com";
 
           smtp.Port = 587;
 
           smtp.EnableSsl = true;
 
           smtp.Credentials = new System.Net.NetworkCredential("YourGmailID@gmail.com", "YourGmailPassword");
 
           smtp.Send(loginInfo);
 
           lblMessage.Text = "Password is sent to you email id,you can now <a href="Login.aspx">Login</a>";
 
       }
 
       else
 
       {
 
           lblMessage.Text = "Email Address Not Registered";
 
       }
 

 
   }

OR YOU CAN SEND RESET PASSWORD LINK AND YOU CAN IMPLIMENT YOUR OWN LOGIC TO EXPIRE THE LONK.
  Permalink  
Comments
Marcus Kramer at 9-Oct-12 19:10pm
   
My vote of 1. I'm sorry, but this is absolutely dreadful and that is where you start by storing a plain text password. Where is the security.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
0 Maciej Los 530
1 OriginalGriff 510
2 Sergey Alexandrovich Kryukov 421
3 Andy Lanng 294
4 F-ES Sitecore 220
0 OriginalGriff 8,744
1 Sergey Alexandrovich Kryukov 7,747
2 CPallini 5,107
3 Maciej Los 4,716
4 Mika Wendelius 3,606


Advertise | Privacy | Mobile
Web02 | 2.8.150819.1 | Last Updated 9 Oct 2012
Copyright © CodeProject, 1999-2015
All Rights Reserved. Terms of Service
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100