i am developing a webpage asp.net-c# code, loginpage in that forgotpassword i had placed , and i had given a hint question to recover a password , that password is showing directly on webpage and it is not security to my client , i need that recover password should send to user email id , i dont how to do this , in which way i would do this
You're on the right track.
Ask them for their response to the hint question and if they give the correct answer I would create a new password (random password) and email them that one.
I suggest this because you are never supposed to store user passwords. Its too much of a security risk....people tend to use the same password for everything they do because its easy to remember (even though they aren't supposed to). So leaking this information can be devastating to your users.
Instead you should store a password hash...since the password hash is one way, you can not get the password based on a hash. This secures the users' passwords in case your system gets hacked.
Since you never actually know the password you will have to create a new password for the user and send them that one...then let them change their password once they're logged in.
You should be using System.Web.Security and System.Security.Cryptography to create the password hash which you store in your database...(eg if you use Forms Authentication there's a HashPasswordForStoringInConfigFile function which will create the password for you based on which Cryptography algorithm you want to use...eg "SHA1").
Does this make sense?
-Frinny