473,320 Members | 1,821 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

loginpage

i am developing a webpage asp.net-c# code, loginpage in that forgotpassword i had placed , and i had given a hint question to recover a password , that password is showing directly on webpage and it is not security to my client , i need that recover password should send to user email id , i dont how to do this , in which way i would do this
May 18 '07 #1
3 1321
prabunewindia
199 100+
hi friend,
i think u r udisplaying the password, if the hint question answer is correct.
just write the code to send mail instead of displaying password. fix the To mailID
as the person who is logging in
thats
Prabu
May 18 '07 #2
chinu
36
hi friend,
i think u r udisplaying the password, if the hint question answer is correct.
just write the code to send mail instead of displaying password. fix the To mailID
as the person who is logging in
thats
Prabu
Look at the "SmtpMail" class. May be you can go through this
"http://www.aspheute.com/english/20000918.asp"
Jun 12 '07 #3
Frinavale
9,735 Expert Mod 8TB
i am developing a webpage asp.net-c# code, loginpage in that forgotpassword i had placed , and i had given a hint question to recover a password , that password is showing directly on webpage and it is not security to my client , i need that recover password should send to user email id , i dont how to do this , in which way i would do this
You're on the right track.

Ask them for their response to the hint question and if they give the correct answer I would create a new password (random password) and email them that one.

I suggest this because you are never supposed to store user passwords. Its too much of a security risk....people tend to use the same password for everything they do because its easy to remember (even though they aren't supposed to). So leaking this information can be devastating to your users.

Instead you should store a password hash...since the password hash is one way, you can not get the password based on a hash. This secures the users' passwords in case your system gets hacked.

Since you never actually know the password you will have to create a new password for the user and send them that one...then let them change their password once they're logged in.

You should be using System.Web.Security and System.Security.Cryptography to create the password hash which you store in your database...(eg if you use Forms Authentication there's a HashPasswordForStoringInConfigFile function which will create the password for you based on which Cryptography algorithm you want to use...eg "SHA1").

Does this make sense?

-Frinny
Jun 12 '07 #4

Sign in to post your reply or Sign up for a free account.

Similar topics

0
by: wei | last post by:
LoginPage.aspx: <%@ Page %> <html> <body> <h1>Please Log In</h1> <hr> <form runat="server"> <asp:TextBox ID="UserName" RunAt="server" /> <asp:TextBox ID="Password" TextMode="password"...
1
by: slawek xxxxx | last post by:
Hello everyone, I have found a problem with form authentication method that I can't solve. The problem is: I want to use a form authentication in my application, so i set : <authentication...
11
by: David W. Simmonds | last post by:
I have a form that will prompt for a user name/password. In VS.NET, I have the protected form in a folder named Admin. I have a Web.config file in that folder as well. It contains the following...
2
by: francois | last post by:
in my web.config i have the following : <sessionState mode="InProc" stateConnectionString="tcpip=127.0.0.1:42424" sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes"
0
by: WIWA | last post by:
Hi, I want to login to a password protected website and fetch the content of the page behind. I have based my code on http://weblogs.asp.net/jdennany/archive/2005/04/23/403971.aspx. When I use...
1
by: mathewgk80 | last post by:
Hi all, I have two aspx pages. 1.Home.aspx and LoginPage.aspx. In the LoginPage.aspx, the user has to enter the username and password. and click on the submit button. If both username and...
4
by: DNK2007 | last post by:
Hello all, Is there any way to pass username, password values which are filled in one login web page to another login page. Ex-- I have login.html page within my system. Is it possible to fill the...
4
by: damiensawyer | last post by:
Hi, I'm trying to do something in global.asax that I would have thought to be quite simple. Basically, any request at all should get sent to another page. I actually got the code below from a...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
0
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
0
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.