Q

Password recovery with .NET 2.0 using C#

ASP.NET developers can use built-in Membership controls to enhance application authentication and authorization. Expert Dan Cornell explains how to use these controls to create a password recovery mechanism.

I am new to .Net. I would like to work with password recovery control. Can you tell me how to do it working with ASP.NET 2.0 using C#? Thanks.

The first thing to note is that use of the PasswordRecovery control requires that you are also using the ASP.NET 2.0 Membership system. This is a good thing, however, because the ASP.NET 2.0 Membership system and the associated controls make the creation of applications with authentication and authorization of page resources straightforward.

The PasswordRecovery control works by emailing the user's forgotten password, so the <smtpMail /> configuration section must be set to use a valid SMTP server and port. Also, use of the PasswordRecovery control requires that the Membership system be set up to allow password retrieval, and the passwords must actually be stored in a recoverable format and not hashed. This can be accomplished by adding the following attributes to the <membership /> configuration section:

enablePasswordRetrieval="True"
passwordFormat="Clear" or passwordFormat="Encrypted"


The <mailDefinition /> section of the <PasswordRecovery> control can be used to set the FROM email address on the password recovery emails.

Using the control with these settings will enable you to easily create a basic level of password recovery functionality. If you would also like to take advantage of the question/answer functionality, which requires a correct response to a user-defined question before sending the user's password, set the following attribute in the <membership /> configuration:

requiresQuestionAndAnswer="True"
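
The settings described above, assembled into one web.config fragment. This is an added example, not configuration from the original answer or from Microsoft's documentation. The provider name, connection string, host names and addresses are constructed, and the key values are placeholders. The SMTP settings are shown in the system.net/mailSettings section that the .NET 2.0 mail client reads.

```xml
<!-- Added example: web.config fragment (constructed values throughout). -->
<configuration>
  <connectionStrings>
    <!-- Hypothetical connection string name and database. -->
    <add name="MembershipDb"
         connectionString="Data Source=.;Initial Catalog=aspnetdb;Integrated Security=True"
         providerName="System.Data.SqlClient" />
  </connectionStrings>

  <system.web>
    <authentication mode="Forms" />

    <!-- passwordFormat="Encrypted" needs explicit keys: SqlMembershipProvider
         rejects the default AutoGenerate setting. Placeholders, not real keys. -->
    <machineKey validationKey="REPLACE_WITH_GENERATED_VALIDATION_KEY"
                decryptionKey="REPLACE_WITH_GENERATED_DECRYPTION_KEY"
                validation="SHA1" decryption="AES" />

    <membership defaultProvider="RecoverableSqlProvider">
      <providers>
        <clear />
        <!-- The three attributes from the answer are set on the provider entry. -->
        <add name="RecoverableSqlProvider"
             type="System.Web.Security.SqlMembershipProvider"
             connectionStringName="MembershipDb"
             applicationName="/"
             enablePasswordRetrieval="true"
             passwordFormat="Encrypted"
             requiresQuestionAndAnswer="true"
             requiresUniqueEmail="true" />
      </providers>
    </membership>
  </system.web>

  <!-- SMTP server and port used to send the recovery e-mail. -->
  <system.net>
    <mailSettings>
      <smtp from="no-reply@example.com">
        <network host="smtp.example.com" port="25" />
      </smtp>
    </mailSettings>
  </system.net>
</configuration>
```

With this configuration the provider can decrypt every stored password, so anyone holding both the membership database and the decryptionKey can as well. Keep the key out of source control and restrict read access to web.config.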

The PasswordRecovery control should make it easy to add reasonably secure password recovery features to your ASP.NET 2.0-based application. For more information, see the MSDN documentation on the PasswordRecovery class.

This was first published in October 2007
