Reputation: 71
implementing "Forgot password" in asp.net mvc 2.0 by asking user email
I am implementing "Forgot Password" functionality in asp.net mvc 2.0 site.Scenario is ,If i click Forgot Password button it will go to some page and it asks the user to enter his email id.Once he entered his email-id ,then his password is retrieved from the database and send to his email id . How to send password to user email.If you have any similar posts please send me the link.
Upvotes: 0
Views: 2100
Answers (1)
Reputation: 48958
I know it happens in a lot of apps, but realy, and excuse me for the bold caps for once, : YOU MUSTN'T STORE USERPASSWORDS!!
In stead you should store one-way hashes like MD5 or SHA1, or anything really, and compare the hashed value of their input with the value in the database. That way, if your data is hacked, your users are still safe.
A lot of users use the same pwd for everything, so if you have their email AND pwd, you, an employer or a hacker, has access to their mail and God knows what else... It is just not ethical for a good programmer to keep passwords.
So the answer : reset their password, mail it to them, and make them change it at first login.
Upvotes: 1
Related Questions
- MVC ForgotPassword method not sending reset email
- How to get Email from coming code for Reset Password
- Forgot Password method & Edit User method not working
- Asp net password recovery
- Some questions regarding implementing forgot password functionality in asp.net mvc
- asp.net 3.5 password recovery control in an mvc app?
- How should I implement "Forgot your password" in ASP.NET MVC?
- Reset/Forgot password functionality in MVC 2 with default asp.net membership provider
- Implement Forget password in asp.net MVC C#
- Best Practice for Password Reset in ASP.NET MVC