First you will need a table to store the password change requests. We will call it password_change_requests, and in it you will need the following information:
- Table id (recommended to be a GUID)
- User id
- Time to expire

After the creation of this table your process should work as follows:
- On the login screen it is recommended to have a "Forgot password?" link, which forwards the user to a page where he types his login or email and clicks a "Continue" button.
- After clicking "Continue", the system saves the user id in the table password_change_requests and sends an email to the user, passing the id of the password_change_requests record as a parameter in the URL, that is: http://www.mysite.com/forgotpassword?ID={id of the password_change_requests table}
- When the user enters the page to register a new password, the system checks whether the id passed in the query string exists in the table password_change_requests and whether it has not expired.
- If everything is in order, the user can change his password.
- After the new password is entered, you should delete this record, preventing it from being used again.
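The flow described in this answer, as an added example that is not part of the original answer. It uses Python with an in-memory SQLite database for illustration; the `users` table, the one-hour lifetime, the PBKDF2 password hash and the function names are assumptions, and the sample user is constructed.

```python
import hashlib
import secrets
import sqlite3
import uuid

TTL_SECONDS = 3600  # assumed lifetime; the answer gives no value

def open_db():
    """In-memory schema with one constructed sample user."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE, pw_hash TEXT);
        CREATE TABLE password_change_requests (
            id TEXT PRIMARY KEY, user_id INTEGER NOT NULL, expires_at INTEGER NOT NULL);
        INSERT INTO users VALUES (1, 'alice@example.test', 'old-hash');
    """)
    return conn

def hash_password(password):
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt.hex() + "$" + digest.hex()

def create_request(conn, email, now):
    """Save the request; return the id for the emailed link, or None if no such user."""
    row = conn.execute("SELECT id FROM users WHERE email = ?", (email,)).fetchone()
    if row is None:
        return None  # the page should answer identically in both cases
    request_id = str(uuid.uuid4())  # random GUID (CPython draws it from os.urandom)
    with conn:
        conn.execute("INSERT INTO password_change_requests VALUES (?, ?, ?)",
                     (request_id, row[0], now + TTL_SECONDS))
    return request_id

def redeem(conn, request_id, new_password, now):
    """Check the id exists and is unexpired, change the password, delete the record."""
    with conn:
        row = conn.execute(
            "SELECT user_id FROM password_change_requests WHERE id = ? AND expires_at > ?",
            (request_id, now)).fetchone()
        # Delete before updating so the id is single-use (expired rows are purged too).
        deleted = conn.execute("DELETE FROM password_change_requests WHERE id = ?",
                               (request_id,)).rowcount
        if row is None or deleted != 1:
            return False
        conn.execute("UPDATE users SET pw_hash = ? WHERE id = ?",
                     (hash_password(new_password), row[0]))
    return True
```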
I don’t really like the idea of using this but take a look: https://msdn.microsoft.com/en-us/library/webmatrix.webdata.websecurity.generatepasswordresettoken(v=vs.111).aspx
– Maniero
An answer on SO: http://stackoverflow.com/a/19036559/221800. Depending on what you are using it may be useful: http://stackoverflow.com/a/28112472/221800 or http://stackoverflow.com/a/24211766/221800
– Maniero
I really liked that response from the O.R., but the guy won’t say what `IdentityManager` is. And then you can’t move on.
– Jedaias Rodrigues
I don’t know either, but I know that it is important in this technology: http://blogs.msdn.com/b/webdev/archive/2013/06/27/introducing-asp-net-identity-membership-system-for-asp-net-applications.aspx and http://www.asp.net/identityidentity
– Maniero
I understood, but I would not like to install another package in the project. I think I will even use the option from your first comment. Thank you very much. I just don’t understand why you don’t like it...
– Jedaias Rodrigues
So do it by hand, and worry about all the risks and difficulties that several professionals who are experts in the subject faced and took months or years to work through :) What I do not like is only the 1st link. I don’t quite know how it works, but it seemed to me a beautiful kludge (although maybe it solves the issue in a simple way). The `IdentityManager` seems more appropriate.
– Maniero
Want to build a new Preview? What’s the need for this?
– Rod