getting password through Email

Question

5.00/5 (1 vote)

See more:

I have used web site administration tool in asp.net to make user.My question is if a user forget the password and want to get back through email, how can i implement this using gmail.

Posted 25-Oct-11 5:13am

Mousumi2708

Add a Solution

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Nish Nishant · Answer 1 · 2011-10-25T05:18:00

Solution 1

In general it's considered bad form to store the password in plaintext or in 2-way encrypted format. If a user forgets his password he should be sent a link to reset his password. His password should not be stored in a manner where it can be extracted nor should it under any circumstances be sent via plain text email.

Posted 25-Oct-11 5:18am

Nish Nishant

Comments

Sergey Alexandrovich Kryukov 25-Oct-11 12:48pm

True, my 5. It leaves for explanation how password reset mechanism can work safely.
--SA

Nish Nishant 25-Oct-11 14:36pm

Thanks SA.

Tech Code Freak 25-Oct-11 14:10pm

In what form must we store the password in the database?
Should we encrypt it before storing too?

Nish Nishant 25-Oct-11 14:36pm

Should not be stored at all except as a hash of some form.

Tech Code Freak 26-Oct-11 2:34am

Thanks for the info! My 5up!

Tech Code Freak 26-Oct-11 12:08pm

OK I understood. But as hashing is one way, how to authenticate(verify) the password entered by the user with that in the database(hashed value)? Please help! I'm a little confused.

Nish Nishant 26-Oct-11 12:25pm

Password verification is done by hash comparison.

Tech Code Freak 26-Oct-11 12:55pm

Does it mean that while registration, the user's password is hashed and stored in the database.
And then, when he wants to login and enters username and password, this entered password is sent to web server, hashed and this hash is compared with the hash stored in the database.
Is this right?

Nish Nishant 26-Oct-11 12:56pm

Yes, that's exactly how most common password implementations work.

Tech Code Freak 27-Oct-11 4:37am

Okay, I understood. Thank You so much for all the help & info!
Which hashing technique is the best one you can recommend for such a task?

Mousumi2708 28-Oct-11 11:39am

Thank you Sir.But my question is how can I use Password Recovery control in ASP.NET? This control needs a mail Id To send the password.If I want to use
Gmail .com as a sender then what is the solution?