Using the PasswordRecovery Control With ASP.NET 4.0

In this tutorial we will explore ASP.NET's PasswordRecovery Control by configuring an email to send our user their password.

Creating a New Account
At this point in the tutorial I have created a new ASP.NET Empty Web Site in Microsoft Visual Web Developer and have added in a blank Web Form. Next, we want to create an account that we can recover a pasword with:

1. Click the ASP.NET Configuration icon in the Solution Explorer to open up the ASP.NET Website Administration Tool.
2. In the ASP.NET Website Administration Tool click the Security tab.
3. Under the Users header click the Select authentication type link.
4. Select From the internet and click Done.
5. Under the Users header click the Create Users link.
6. Create a new user and click Done.
7. Close the ASP.Net Website Administration Tool.

Need help with Windows Dedicated Hosting? Try Server Intellect. I'm a happy customer!

Adding the PasswordRecovery Control
What we want to do now is add a PasswordRecovery Control to our blank Web Form that we added. To do this, open up your blank Web Form into Design mode:

1. Expand the Login tab in your toolbox.
2. Drag and drop a PasswordRecovery Control onto your Web Form.

What you see now is a simple prompt for a Username and a Submit button. If you expand the PasswordRecovery Tasks menu,

you will see a Dropdown menu labeled Views that contains three different Views. These different Views are the steps to filling out our Password Recovery Control. First it asks for a Username, then the Security Question that you created when you made the account, and finally a Success view that shows you a message explaining that the PasswordRecovery was successful.

If you were to fill this form out right now using the account that you created earlier, you will receive and error message because we have not configured an email account to actually send the email containing the users password yet.

Server Intellect assists companies of all sizes with their hosting needs by offering fully configured server solutions coupled with proactive server management services. Server Intellect specializes in providing complete internet-ready server solutions backed by their expert 24/365 proactive support team.

Configuring SMTP Settings
What we are going to do now is use one of our preexisting email accounts to send the email to our user containing their password. What I have done for this is setup a new Gmail account which I will be configuring here, but it is important to understand that the SMTP settings will be different based on your email provider. I chose Gmail because their SMTP settings are readily available on the internet. As you go through this just use the correct settings for whatever email it is you are using.

To configure our SMTP Settings:

1. Click the ASP.NET Configuration icon in the Solution Explorer to open up the ASP.NET Website Administration Tool.
2. In the ASP.NET Website Administration Tool click the Application tab.
3. Under the SMTP Settings header, click the Configure SMTP e-mail settings link.
4. Under the Configure SMTP Settings header, configure the following properties.
5. Server Name, the SMTP of your email provider, in my case smtp.gmail.com.
6. Server Port, the Port of your email provider, in my case 587.
7. From, the email you will be using, in my case PWRecoveryTutorial@gmail.com.
8. Under Authentication, choose Basic
9. Sender's user name, the username we use to login to the email we are using, in my case PWRecoveryTutorial@gmail.com.
10. Sender's password, the password we use to login to the email account we are using here.
11. Click Save.
12. Close the ASP.NET Website Administration Tool.

What this actually does is provide a nice user-friendly view of these options and then stores the changes you make in your Web.Config file. Go ahead and open up your Web.Config file from the Solution Explorer. Here you should see something similar to this:

<mailSettings>     <smtp from="PWRecoveryTutorial@gmail.com">         <network host="smtp.gmail.com" password="xxxx" port="587"         userName="PWRecoveryTutorial@gmail.com" />     </smtp>   </mailSettings>

You will notice that the options we configured were added in here. For the email provider I am using, I am required to enable SSL (Secure Sockets Layer) for me to be able to actually send these emails out. To do this I am simply going to add enableSsl="true" in the network tag. So now my mail settings look like:

<mailSettings>     <smtp from="PWRecoveryTutorial@gmail.com">         <network host="smtp.gmail.com" password="xxxx" port="587"         userName="PWRecoveryTutorial@gmail.com" enableSsl="true" />     </smtp>   </mailSettings>

Note that yours will appear differently based on your email provider and that you don't have to enable SSL unless your email provider requires it.

We are using Server Intellect and have found that by far, they are the most friendly, responsive, and knowledgeable support team we've ever dealt with!

Testing
Now it is time to test this out. What we expect to see is that when valid user information is provided, an email is sent from the account we setup in the SMTP setting to the valid user's email address. To do this, load up your website and enter the information from the account you created earlier into our PasswordRecovery Control. Once complete you should be taken to the Success View which informs us that our email has been sent. Then go ahead and check your email that was associated with the user account you entered to make sure that your new password has been received.

I received this email:

'Please return to the site and log in using the following information.
User Name: admin
Password: nKaU7=oJ#DZF5r'

What has happened here, because the passwords in our database holding our users information are encrypted by default, the password to the user account I entered has been changed to the new password sent to me here.

The Web Form source looks like this:

<body>     <form id="form1" runat="server">     <div>         <asp:PasswordRecovery ID="PasswordRecovery1" runat="server"              onsendmailerror="PasswordRecovery1_SendMailError">             <MailDefinition From="PWRecoveryTutorial@gmail.com" Subject="Password Recovery">             </MailDefinition>         </asp:PasswordRecovery>     </div>     </form> </body>