Click here to Skip to main content
16,017,922 members
Please Sign up or sign in to vote.
1.00/5 (1 vote)
See more:
Hi All,

Note: 'I am not using Membership.

On the login page I would like to place a Forgot Password link. So when the User clicks on the link Email Address and Username will be entered which will be verified in the database.

Then a link is send to the User for the ChangePassword.aspx which will expire in one day.

How to Create this link which is secure.

Thanks & Regards,
Prathap.
Posted
Comments
Nelek 9-Oct-12 15:50pm    

1 solution

HELLO
//Create Connection String And SQL Statement

       string strConnection = ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString;

     string strSelect = "SELECT UserName,Password FROM Users WHERE Email = @Email";



       SqlConnection connection = new SqlConnection(strConnection);

       SqlCommand command = new SqlCommand();

       command.Connection = connection;
       command.CommandType = CommandType.Text;

       command.CommandText = strSelect;



     SqlParameter email = new SqlParameter("@Email", SqlDbType.VarChar, 50);

       email.Value = txtEmail.Text.Trim().ToString();

       command.Parameters.Add(email);



       //Create Dataset to store results and DataAdapter to fill Dataset

       DataSet dsPwd = new DataSet();

       SqlDataAdapter dAdapter = new SqlDataAdapter(command);

       connection.Open();

       dAdapter.Fill(dsPwd);

       connection.Close();

       if(dsPwd.Tables[0].Rows.Count > 0 )

       {

           MailMessage loginInfo = new MailMessage();

           loginInfo.To.Add(txtEmail.Text.ToString());

           loginInfo.From = new MailAddress("YourID@gmail.com");

           loginInfo.Subject = "Forgot Password Information";



           loginInfo.Body = "Username: " + dsPwd.Tables[0].Rows[0]["UserName"] + "<br><br>Password: " + dsPwd.Tables[0].Rows[0]["Password"] + "<br><br>";

         loginInfo.IsBodyHtml = true;

           SmtpClient smtp = new SmtpClient();

           smtp.Host = "smtp.gmail.com";

           smtp.Port = 587;

           smtp.EnableSsl = true;

           smtp.Credentials = new System.Net.NetworkCredential("YourGmailID@gmail.com", "YourGmailPassword");

           smtp.Send(loginInfo);

           lblMessage.Text = "Password is sent to you email id,you can now <a href="Login.aspx">Login</a>";

       }

       else

       {

           lblMessage.Text = "Email Address Not Registered";

       }



   }


OR YOU CAN SEND RESET PASSWORD LINK AND YOU CAN IMPLIMENT YOUR OWN LOGIC TO EXPIRE THE LONK.
 
Share this answer
 
Comments
fjdiewornncalwe 9-Oct-12 19:10pm    
My vote of 1. I'm sorry, but this is absolutely dreadful and that is where you start by storing a plain text password. Where is the security.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900