Password recovery

Question

My client requirement for the password recovery is,

when user enters his email/username, system will email him a unique link. In users email, when the user will click the link,

system will take the user to the change password page. User will type a new password and his password will be changed.

Any idea how to do this??

Right now the change password page is only accessable for the logged in users. How do I let a user in to the page by a external link click?

Answer 1

This is a kind of a "Password change process":

• Create a database table with the userId, createDate, closeDate, and a UUID
• send the mail with a link to your page that has the uuid from the prcoess database table
• if the user enters the page you check if the process is still open (closeDate is null)
• user can change password
• you set the closeDate

Answer 2

First check the user Email IF it exists then send him/her a unique email of the link Example:

link : http:\\www.abc.com\passwordrecovery.aspx?ID="+Guid.NewID()

In this way you will send a unique email to every user also store this ID in the user table so when the user click the link you will be able to verify sender.

On your Password Recovery Page Check the value of Query String variable ID and matched the ID of the user in the database if they are equal then show the password page of the required user.

Hope you understand it.