How to implement password reset in MVC2 application?
Passwords are hashed using the ASP.NET membership provider. The password recovery question is not used. The standard ASP.NET MVC2 project template with the standard AccountController class is used.
If the user forgets the password, an email with a temporary link or with a new password should be sent to the user's e-mail address.
Where to find code to implement this in MVC 2 C#?
Stack Overflow contains two answers which discuss methods of implementing this. There is no sample code. I googled for "asp .net mvc password reset c# sample code download" but haven't found sample code for this.
I'm new to MVC. Where to find sample code for password recovery? This is missing from VS2010 generated project template.
Update
I tried this code in Mono 2.10 but got an exception:
CspParameters not supported by Mono
at line
des.Key = pdb.CryptDeriveKey("RC2", "MD5", 128, new byte[8]);
How to run it in Mono?
Stack Trace:
System.NotSupportedException: CspParameters not supported by Mono
at System.Security.Cryptography.PasswordDeriveBytes.CryptDeriveKey (string,string,int,byte[]) [0x0001b] in /usr/src/redhat/BUILD/mono-2.10.2/mcs/class/corlib/System.Security.Cryptography/PasswordDeriveBytes.cs:197
at store2.Helpers.Password.EncodeMessageWithPassword (string,string) <IL 0x00055, 0x000f3>
at store2.Helpers.AccountHelper.GetTokenForValidation (string) <IL 0x00033, 0x00089>
at MvcMusicStore.Controllers.AccountController.PasswordReminder (MvcMusicStore.Models.PasswordReminderModel) <IL 0x001ac, 0x00495>
at (wrapper dynamic-method) System.Runtime.CompilerServices.ExecutionScope.lambda_method (System.Runtime.CompilerServices.ExecutionScope,System.Web.Mvc.ControllerBase,object[]) <IL 0x00020, 0x0005b>
at System.Web.Mvc.ActionMethodDispatcher.Execute (System.Web.Mvc.ControllerBase,object[]) <IL 0x00008, 0x0001b>
at System.Web.Mvc.ReflectedActionDescriptor.Execute (System.Web.Mvc.ControllerContext,System.Collections.Generic.IDictionary`2<string, object>) <IL 0x00072, 0x00103>
at System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod (System.Web.Mvc.ControllerContext,System.Web.Mvc.ActionDescriptor,System.Collections.Generic.IDictionary`2<string, object>) <IL 0x00003, 0x00019>
at System.Web.Mvc.ControllerActionInvoker/<>c__DisplayClassd.<InvokeActionMethodWithFilters>b__a () <IL 0x0002d, 0x00068>
at System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodFilter (System.Web.Mvc.IActionFilter,System.Web.Mvc.ActionExecutingContext,System.Func`1<System.Web.Mvc.ActionExecutedContext>) <IL 0x00031, 0x000b6>
--------------------------------------------------------------------------------
Version information: Mono Runtime Version: 2.10.2 (tarball Mon Apr 18 18:57:39 UTC 2011); ASP.NET Version: 2.0.50727.1433
Here is my approach. In MVC you will have an action called RetrievePassword where you will ask for the user's email address and pass it in a post.
An email message will be sent with a URL that redirects to http://example.com/Account/Validate?email=xxxxxxxx&token=xxxxxxxx
If the token is valid for the email, you will probably display a password reset form so they choose a new password.
So you need a Validate Action:
Here are some of the helpers you see in this code:
Account Helper
And finally, here is some code to encrypt and decrypt a token...
I have it in a Password class that is intended to be a helper.
/// EDIT: Removed the two functions I referenced before and show the full helper class.
Here is the Password static class with all helper functions.
Here is the Russian version of password recovery.
Set a reset-password GUID in the user table. You may also use an expiration time. If the user tries to reset the password, update the field with a new GUID and a datetime for expiration.
Send a link to reset the password containing the GUID.
A sample function like this can be created for that:
The value in res can be the GUID updated in the DB. Send a link with this GUID. You can check the expiration time also. This is just an idea only.
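An added example, not part of any answer on this page, of the approach described just above: a random reset value with an expiration time, of which only a SHA-256 hash is stored, so no CryptDeriveKey call (the one that fails on Mono in the question) is needed. It uses 32 random bytes in place of the GUID; the ResetTokens class, its method names and the in-memory Dictionary standing in for the user-table columns are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper. The Dictionary stands in for two columns in the user
// table (token hash, expiration); a real application would persist them.
public static class ResetTokens
{
    class Entry { public byte[] Hash; public DateTime ExpiresUtc; }
    static readonly Dictionary<string, Entry> Store = new Dictionary<string, Entry>();

    static byte[] Sha256(string s)
    {
        using (SHA256 sha = SHA256.Create())
            return sha.ComputeHash(Encoding.UTF8.GetBytes(s));
    }

    // Returns the value to put in the e-mailed link; only its hash is kept.
    public static string Issue(string userName, TimeSpan lifetime)
    {
        byte[] raw = new byte[32];
        RandomNumberGenerator.Create().GetBytes(raw);   // CSPRNG
        string token = BitConverter.ToString(raw).Replace("-", "");
        // A new request replaces, and so invalidates, any earlier token.
        Store[userName] = new Entry { Hash = Sha256(token), ExpiresUtc = DateTime.UtcNow.Add(lifetime) };
        return token;
    }

    // True at most once per issued token, and only before it expires.
    public static bool Redeem(string userName, string token)
    {
        Entry e;
        if (userName == null || token == null || !Store.TryGetValue(userName, out e)) return false;
        bool expired = DateTime.UtcNow > e.ExpiresUtc;
        byte[] given = Sha256(token);
        int diff = 0;                                   // compare without early exit
        for (int i = 0; i < e.Hash.Length; i++) diff |= e.Hash[i] ^ given[i];
        bool ok = diff == 0 && !expired;
        if (ok || expired) Store.Remove(userName);      // single use; drop stale rows
        return ok;
    }

    public static void Main()
    {
        string token = Issue("alice", TimeSpan.FromMinutes(30)); // constructed user
        Console.WriteLine("wrong value accepted: " + Redeem("alice", "not-the-token"));
        Console.WriteLine("first use accepted:   " + Redeem("alice", token));
        Console.WriteLine("second use accepted:  " + Redeem("alice", token));
    }
}
```

A wrong value leaves the stored entry in place, so a bad guess does not cancel the link the user was sent.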
I've got an example of how to implement password recovery in a standard ASP.NET MVC application in my blog.
This blog post assumes that you already have the login process working (database and all) and that you only need to wire the password recovery process.
http://hectorcorrea.com/Blog/Password-Recovery-in-an-ASP.NET-MVC-Project