Problem solve Get help with specific problems with your technologies, process and projects.

Password recovery with .NET 2.O using C#

ASP.NET developers can use built-in Membership controls to enhance application authentication and authorization. Expert Dan Cornell explains how to use these controls to create a password recovery mechanism.

I am new to .Net. I would like to work with password recovery control. Can you tell me how to do it working with ASP.NET 2.0 using C#? Thanks.

The first thing to note is that use of the PasswordRecovery control requires that you are also using the ASP.NET 2.0 Membership system. This is a good thing, however, because the ASP.NET 2.0 Membership system and the associated controls make the creation of applications with authentication and authorization of page resources straightforward.

The PasswordRecovery control works by emailing the user's forgotten password, so the <smtpMail /> configuration section must be set to use a valid SMTP server and port. Also, use of the PasswordRecovery control requires that the Membership system be set up to allow password retrieval, and the passwords must actually be stored in a recoverable format and not hashed. This can be accomplished by adding the following attributes to the <membership /> configuration section:

passwordFormat="Clear" or passwordFormat="Encrypted"

The <mailDefinition /> section of the <PasswordRecovery> control can be used to set the FROM email address on the password recovery emails.

Application security resources:
Creating password recovery mechanisms in ASP.NET

ASP.NET security tools and techniques

The most effective time to do security testing

Using the control with these settings will enable you to easily create a base-level of password recovery functionality. If you would also like to take advantage of the question/answer functionality that requires a correct response to a user-defined question before sending the user's password, set the following attribute in the <membership /> configuration:


The PasswordRecovery control should make it easy to add reasonably secure password recovery features to your ASP.NET 2.0-based application. For more information see the MSDN documentation on the PasswordRecovery class.

Dig Deeper on Topics Archive

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.