The PasswordRecovery control available in ASP.NET 3.5 assists is a part of Login controls and helps to recover their password who have forgotten their passwords. It enables a user to request an e-mail message containing either a new password or the password already associated with his or her user name or email.
The PasswordRecovery Web control uses Internet e-mail services to send recovered or new passwords to users. There are inherent security risks with sending passwords in e-mail. You should determine whether these security risks are acceptable to your site.
Users can recover passwords only when the membership provider defined in the MembershipProvider property supports clear text or encrypted passwords. Because hashed passwords cannot be recovered, users at sites that use hashed passwords can only reset their passwords.
The PasswordRecovery control can be used when a membership user has not been approved (MembershipUser.::.IsApproved is set to false), but it cannot be used when a membership user has been locked out (MembershipUser..::.IsLockedOut is set to true).
The e-mail message is sent using the MailDefinition class. To be able to send e-mail to users, you must configure a mail server in your application's Web.config file. You can change the content of the e-mail sent to users by setting a custom message in the MailDefinition property.
It is not possible to guarantee that a user will receive or view an e-mail message. To verify that a user has received a notification by e-mail, consider providing a confirmation link in the message, allowing the user to confirm that the notification was received.
The PasswordRecovery control has three states, or views:
-
UserName view - Asks the user for his or her registered user name.
-
Question view - Requires the user to provide the answer to a stored question to reset the password.
-
Success view - Tells the user whether the password recovery or reset was successful.
PasswordRecovery Templates The PasswordRecovery control supports templates for every view.
-
The UserName template contains all the controls displayed for the first step of the password recovery process when the user is required to enter the user name.
-
Controls for the second step, the password question step are placed in the QuestionTemplate.
-
Finally, the control support a SuccessTemplate that consist of the controls displayed for the confirmation, which are shown after the password has been sent successfully to the user.
The PasswordRecovery control displays the Question view only when the membership provider defined in the MembershipProvider property supports password question and answer.
The following table lists each style property of the PasswordRecovery control and indicates which view it affects.
PasswordRecovery Control Events
-
VarifyingUser Validating the user name means looking for the user in the membership store and retrieving the password question information.
-
UserLookupError If the user name entered in the user name text box doesn't exist in the membership store, this event is raised before the failure text is displayed.
-
VerifyingAnswer When the user click the submit button in the second step, the answer from the question is compared to that password which is stored in the membership data. This event is raised before this action take place.
-
AnswerLookupError Is the answer provided by the user is not correct, this event will be fired by the control.br> • SendingMail If answer has been identified then this event will be fired and before email is sent throught the mail server.
-
SendMailError If email cannot be sent by some reason then this event will be fired.
The following code snippet shows how to use a PasswordRecovery control in an ASP.NET page.
<asp:PasswordRecovery ID="PasswordRecovery1" runat="server" BackColor="#F7F6F3"
BorderColor="#E6E2D8" BorderPadding="4" BorderStyle="Solid" BorderWidth="1px"
Font-Names="Verdana" Font-Size="Large"
onsendingmail="PasswordRecovery1_SendingMail" Width="532px" >
<MailDefinition From="[email protected]" Subject="Forgetton Password" Priority="High">
</MailDefinition>
<InstructionTextStyle Font-Italic="True" ForeColor="Black" />
<SuccessTextStyle Font-Bold="True" ForeColor="#5D7B9D" />
<TextBoxStyle Font-Size=Medium />
<UserNameTemplate>
<span style="text-align:center">
<font face="Verdana">
<h3>Forgot Password </h3>
UserName: <asp:TextBox ID="UserName" runat="server"
Width="236px"></asp:TextBox> <asp:Button ID="SubmitButton" runat="server"
Text="SEND" CommandName="Submit" /><br />
<span style="color: #FF0000">
<asp:Literal ID="FailureText" runat="server"></asp:Literal>
</span>
</font>
</span>
</UserNameTemplate>
<QuestionTemplate>
<h2>Forgot Password</h2>
Hello <asp:Literal ID="UserName" runat="server"></asp:Literal><br />
Please answer your password question : <br />
<asp:Literal ID="Question" runat="server"></asp:Literal>
<asp:TextBox ID="Answer" runat="server"></asp:TextBox><br />
<asp:Button ID="SubmitButton" runat="server" Text="Send Answer By Mail"
CommandName="Submit"/><br />
<asp:Literal ID="FailureText" runat="server"></asp:Literal>
</QuestionTemplate>
<SuccessTemplate>
Your password has been sent to your email addres
<asp:Label ID="EmailLabel" runat="server"></asp:Label>
</SuccessTemplate>
<TitleTextStyle BackColor="#5D7B9D" Font-Bold="True" Font-Size="0.9em"
ForeColor="White" />
<SubmitButtonStyle BackColor="#FFFBFF" BorderColor="#CCCCCC" BorderStyle="Solid"
BorderWidth="1px" Font-Names="Verdana" Font-Size="0.8em"
ForeColor="#284775" />
</asp:PasswordRecovery>
We need to configure the email setup including email from, subject, and SMTP server in Web.config. Here is the SMTP setup settings. Rest everything is taken care by the control itself.
<system.net>
<mailSettings>
<smtp deliveryMethod="Network">
<network host="localhost" port="25" />
</smtp>
</mailSettings>
</system.net>
<MailDefinition From="[email protected]" Subject="Forgetton Password" Priority="High">
</MailDefinition>
Download the attached project for more details.