I need to check if the code entered on the reset password view is the same as the one sent in the SMS.

We are using the repository pattern. I first generate the code in the business logic:

C#
using System;

public class GenerateCodeBusiness
{
    // Builds a code of PasswordLength characters drawn from the allowed set
    // (lowercase l and uppercase I are left out so the code reads unambiguously in an SMS).
    // System.Random is seeded from the clock; it is not a cryptographic generator.
    public string CreateRandomPassword(int PasswordLength)
    {
        string _allowedChars = "0123456789abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNOPQRSTUVWXYZ";
        Random randNum = new Random();
        char[] chars = new char[PasswordLength];
        for (int i = 0; i < PasswordLength; i++)
        {
            chars[i] = _allowedChars[randNum.Next(_allowedChars.Length)];
        }
        // The code is returned to the caller; nothing here keeps a copy of it.
        return new string(chars);
    }
}


Then I send it using a PhoneReset method in my controller:


C#
[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public async Task<ActionResult> PhoneReset(ForgotPasswordView model, string sms)
{
    if (ModelState.IsValid)
    {
        var user = await UserManager.FindByEmailAsync(model.Email);
        // For more information on how to enable account confirmation and password reset please visit http://go.microsoft.com/fwlink/?LinkID=320771
        // Send an email with this link
        if (user != null)
        {
            //string code = await UserManager.GeneratePasswordResetTokenAsync(user.Id);
            //var forgot = new ForgotPasswordBusiness();
            //if(forgot.ForgotPassReset(model.cellNumber))
            GenerateCodeBusiness gen = new GenerateCodeBusiness();
            SendSmsBusiness objap = new SendSmsBusiness();
            // The code is generated, sent and then dropped: nothing stores it for the later check.
            sms = "Your password reset code is " + gen.CreateRandomPassword(8);
            objap.Send_SMS(model.cellNumber, sms);
            // Signs the user in before any code has been verified.
            await SignInAsync(user, isPersistent: false);
            return RedirectToAction("ResetViaPhone", "Account");
        }
        else
        {
            ModelState.AddModelError("", "The user does not exist");
            return View();
        }
    }
    // If we got this far, something failed, redisplay form
    return View(model);
}


This is the ResetPassword page controller method:

C#
// POST: /ResetPasswordViaPhone
[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public async Task<ActionResult> ResetViaPhone(ResetViaPhoneView model)
{
    if (ModelState.IsValid)
    {
        GenerateCodeBusiness gen = new GenerateCodeBusiness();

        var user = await UserManager.FindByNameAsync(model.Email);
        // CreateRandomPassword(8) here returns a brand-new random code, so model.code
        // is compared with a value that was never sent, not with the SMS code.
        if (user == null && model.code != gen.CreateRandomPassword(8))
        {
            ModelState.AddModelError("", "No user found.");
            return View();
        }
        // ResetPasswordAsync validates the token produced by GeneratePasswordResetTokenAsync;
        // model.code is the SMS code, which is a different value.
        IdentityResult result = await UserManager.ResetPasswordAsync(user.Id, model.code, model.New_Pass);
        if (result.Succeeded)
        {
            return RedirectToAction("ResetPasswordConfirmation", "Account");
        }
        else
        {
            AddErrors(result);
            return View();
        }
    }
    // If we got this far, something failed, redisplay form
    return View(model);
}


This is my reset password view:

Razor (cshtml)
plate.Model.ResetViaPhoneView
@{
    ViewBag.Title = "Reset password";
    Layout = "~/Views/shared/_BootstrapLayout.basic.cshtml";
}
@using (Html.BeginForm("ResetViaPhone", "Account", FormMethod.Post, new { @class = "form-horizontal", role = "form" }))
{
    @Html.AntiForgeryToken()
    <hr />
    @Html.ValidationSummary("", new { @class = "text-danger" })

    <div class="panel panel-default">
        <div class="panel-heading " style="background-color: green "></div>
        <div class="panel-body">
            <div class="form-group">
                @Html.LabelFor(model => model.code, new { @class = "col-md-2 control-label" })
                <div class="col-md-10">
                    @Html.TextBoxFor(model => model.code, new { @class = "form-control" })
                </div>
            </div>

            <div class="form-group">
                @Html.LabelFor(model => model.Email, new { @class = "col-md-2 control-label" })
                <div class="col-md-10">
                    @Html.TextBoxFor(model => model.Email, new { @class = "form-control" })
                </div>
            </div>

            <div class="form-group">
                @Html.LabelFor(model => model.New_Pass, new { @class = "col-md-2 control-label" })
                <div class="col-md-10">
                    @* PasswordFor renders type="password" so the new password is not echoed on screen *@
                    @Html.PasswordFor(model => model.New_Pass, new { @class = "form-control" })
                </div>
            </div>

            <div class="form-group">
                @Html.LabelFor(model => model.Confirm_Pass, new { @class = "control-label col-md-2" })
                <div class="col-md-10">
                    @Html.PasswordFor(model => model.Confirm_Pass, new { @class = "form-control" })
                    @Html.ValidationMessageFor(model => model.Confirm_Pass)
                </div>
            </div>
        </div>
    </div>

    <div class="form-group">
        <div class="col-md-offset-2 col-md-10">
            <input type="submit" value="Create" class="btn btn-default" />
        </div>
    </div>
}
1 solution

Hmm. There are a few ways you could do this.

I suggest storing the reset code as a salted hash in the server cache. You can hash it, as it will never need to be read again, only checked against the input. The cache allows you to store it without the bother of saving it. It is secure because it is server side only. You can expire the cache entry after timespan x.

More on this here:
A Beginner's Tutorial for Understanding and Implementing Caching in ASP.NET MVC

Hope that helps ^_^
Andy
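The approach the answer describes, worked through as an added example. This is my code, not the asker's and not Andy's: a self-contained console program that issues an SMS code from the CSPRNG, keeps only a salted PBKDF2 hash of it in MemoryCache with an absolute expiry, and checks the user's input against that hash in constant time, single use, with an attempt limit. The class and method names (ResetCodeStore, Issue, Verify), the 10-minute lifetime, the 5-attempt limit, the 8-digit code and the sample user id are all assumptions chosen for illustration; MemoryCache comes from the System.Runtime.Caching assembly, which has to be referenced in a .NET Framework project.

```csharp
using System;
using System.Runtime.Caching;        // reference System.Runtime.Caching.dll
using System.Security.Cryptography;
using System.Text;
using System.Threading;

// Hypothetical helper (not part of the original post): issues a one-time SMS
// code and keeps only a salted hash of it in the in-process cache.
public static class ResetCodeStore
{
    private static readonly MemoryCache Cache = MemoryCache.Default;
    private static readonly TimeSpan Lifetime = TimeSpan.FromMinutes(10); // the answer's "timespan x"
    private const int MaxAttempts = 5;
    private const int Pbkdf2Iterations = 10000;

    private sealed class Entry
    {
        public byte[] Salt;
        public byte[] Hash;
        public int Attempts;
    }

    // Generate the code to send by SMS. Digits only are easy to type from a
    // phone; RandomNumberGenerator is used instead of System.Random.
    public static string Issue(string userId, int length = 8)
    {
        var code = new StringBuilder(length);
        var salt = new byte[16];
        using (var rng = RandomNumberGenerator.Create())
        {
            var b = new byte[1];
            while (code.Length < length)
            {
                rng.GetBytes(b);
                // Rejection sampling: accept 0..249 only, so each digit has probability exactly 1/10.
                if (b[0] < 250) code.Append((char)('0' + (b[0] % 10)));
            }
            rng.GetBytes(salt);
        }
        string plain = code.ToString();
        var entry = new Entry { Salt = salt, Hash = Derive(plain, salt), Attempts = 0 };
        // Absolute expiry: the hash is gone after Lifetime whether or not it was used.
        Cache.Set(Key(userId), entry, new CacheItemPolicy
        {
            AbsoluteExpiration = DateTimeOffset.UtcNow.Add(Lifetime)
        });
        return plain; // hand this to Send_SMS; it is never kept in plain text
    }

    // Check the code typed on the reset form. The entry is removed on success
    // (single use) and after MaxAttempts failures (no online brute force).
    public static bool Verify(string userId, string submitted)
    {
        string key = Key(userId);
        var entry = Cache.Get(key) as Entry;
        if (entry == null || string.IsNullOrEmpty(submitted))
            return false; // never issued, expired, already used, or a different user
        if (FixedTimeEquals(Derive(submitted, entry.Salt), entry.Hash))
        {
            Cache.Remove(key);
            return true;
        }
        if (Interlocked.Increment(ref entry.Attempts) >= MaxAttempts)
            Cache.Remove(key);
        return false;
    }

    private static string Key(string userId)
    {
        return "pwreset:" + userId;
    }

    // PBKDF2 (HMAC-SHA1 in Rfc2898DeriveBytes) with a per-code salt, so a dump of
    // the cache does not hand out usable codes.
    private static byte[] Derive(string code, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(code, salt, Pbkdf2Iterations))
        {
            return kdf.GetBytes(32);
        }
    }

    // Compare every byte regardless of where the first mismatch is, so response
    // timing does not reveal how much of a guess was right.
    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}

public static class Program
{
    public static void Main()
    {
        const string userId = "user-123";               // constructed sample user id
        string code = ResetCodeStore.Issue(userId);     // this string is what you would SMS
        Console.WriteLine("code sent: " + code);
        Console.WriteLine(ResetCodeStore.Verify(userId, "00000000")); // a wrong guess
        Console.WriteLine(ResetCodeStore.Verify(userId, code));       // the code that was sent
        Console.WriteLine(ResetCodeStore.Verify(userId, code));       // the same code replayed
    }
}
```

Wired into the controllers from the question: PhoneReset would call Issue(user.Id) and send the returned string instead of discarding it, and it would not sign the user in at that point. ResetViaPhone would call Verify(user.Id, model.code) and, only when that returns true, call UserManager.GeneratePasswordResetTokenAsync(user.Id) and pass that token to UserManager.ResetPasswordAsync; that method validates its own token, not the SMS code. MemoryCache is per process, so with more than one web server the hash would need a shared store instead.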

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)