How should I implement "Forgot your password" in ASP.NET MVC?

Sitherax · Aug 22, 2009 · Viewed 25.8k times

I'm using the standard SqlMembershipProvider that comes with the ASP.NET MVC demo.

I'm interested in implementing a "Forgot your password" link on my site.

What is the correct way for this feature to be implemented? Should I overwrite the password with a temporary one and email it to their registered email?

Answer

Rasik Jain · Aug 23, 2009

Based on the nature of the application, the best practice for the forgot-password feature should be in the following order:

  1. Allow the user to verify the secret question/answer for a maximum of 3 to 5 attempts.
  2. On successful validation, send an e-mail with a randomly generated password with a validity of 24 hrs.
  3. The e-mail must contain only the password, not both the username and the password.
  4. When the user logs in with the temporary password, they must be forced to create a new password before going to the home page.
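The four steps above as a hypothetical C# helper on top of SqlMembershipProvider (an added example, not the answerer's code): `PasswordResetService`, `ResetState` and the in-memory `_pending` store are assumptions of this example, while the `MembershipUser` calls and the web.config attribute names are the provider's own.

```csharp
using System;
using System.Collections.Generic;
using System.Web.Security;
public enum ResetState { None, PendingChange, Expired }
// Hypothetical helper (not from the answer) wiring its four steps onto SqlMembershipProvider.
// Step 1 is delegated to the provider: requiresQuestionAndAnswer="true", enablePasswordReset="true"
// and maxInvalidPasswordAttempts="3" in web.config lock the account after repeated wrong answers.
public class PasswordResetService
{
    private static readonly TimeSpan Validity = TimeSpan.FromHours(24);
    // username -> expiry of the temporary password. Assumption: in-memory; persist it in a table.
    private readonly IDictionary<string, DateTime> _pending =
        new Dictionary<string, DateTime>(StringComparer.OrdinalIgnoreCase);
    // Steps 1 and 2: verify the secret answer and get a provider-generated random password.
    // Returns null on a wrong answer (which counts toward lockout) or a locked account.
    // Step 3 is the caller's job: mail only the returned value, never the username with it.
    public string ResetWithSecretAnswer(string username, string answer)
    {
        MembershipUser user = Membership.GetUser(username);
        if (user == null || user.IsLockedOut) return null;
        try
        {
            string temp = user.ResetPassword(answer);
            _pending[username] = DateTime.UtcNow.Add(Validity);
            return temp;
        }
        catch (MembershipPasswordException) { return null; }
    }

    // Step 4: consult this right after Membership.ValidateUser succeeds in the login action.
    // PendingChange -> redirect to the change-password page instead of home;
    // Expired -> do not issue the auth cookie and send the user back through the reset.
    public ResetState GetResetState(string username)
    {
        DateTime expiry;
        if (!_pending.TryGetValue(username, out expiry)) return ResetState.None;
        return DateTime.UtcNow <= expiry ? ResetState.PendingChange : ResetState.Expired;
    }

    // Completes step 4: replaces the temporary password and clears the pending flag.
    public bool CompleteReset(string username, string tempPassword, string newPassword)
    {
        if (GetResetState(username) != ResetState.PendingChange) return false;
        MembershipUser user = Membership.GetUser(username);
        if (user == null || !user.ChangePassword(tempPassword, newPassword)) return false;
        _pending.Remove(username);
        return true;
    }
}
```

The login action should branch on `GetResetState` before calling `FormsAuthentication.SetAuthCookie`, so that a temporary password never reaches the home page and an expired one never signs the user in.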