Ask the Expert

Password recovery with .NET 2.O using C#

I am new to .Net. I would like to work with password recovery control. Can you tell me how to do it working with ASP.NET 2.0 using C#? Thanks.

Requires Free Membership to View

The first thing to note is that use of the PasswordRecovery control requires that you are also using the ASP.NET 2.0 Membership system. This is a good thing, however, because the ASP.NET 2.0 Membership system and the associated controls make the creation of applications with authentication and authorization of page resources straightforward.

The PasswordRecovery control works by emailing the user's forgotten password, so the <smtpMail /> configuration section must be set to use a valid SMTP server and port. Also, use of the PasswordRecovery control requires that the Membership system be set up to allow password retrieval, and the passwords must actually be stored in a recoverable format and not hashed. This can be accomplished by adding the following attributes to the <membership /> configuration section:

enablePasswordRetrieval="True"
passwordFormat="Clear" or passwordFormat="Encrypted"


The <mailDefinition /> section of the <PasswordRecovery> control can be used to set the FROM email address on the password recovery emails.

Application security resources:
Creating password recovery mechanisms in ASP.NET

ASP.NET security tools and techniques

The most effective time to do security testing

Using the control with these settings will enable you to easily create a base-level of password recovery functionality. If you would also like to take advantage of the question/answer functionality that requires a correct response to a user-defined question before sending the user's password, set the following attribute in the <membership /> configuration:

requiresQuestionAndAnswer="True"

The PasswordRecovery control should make it easy to add reasonably secure password recovery features to your ASP.NET 2.0-based application. For more information see the MSDN documentation on the PasswordRecovery class.

This was first published in October 2007

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: