Home   |   QuickStart Welcome   |   ASP.NET   |   Web Services   |   How Do I...?   
  |   I want my samples in...      

ASP.NET 2.0 Quickstart Tutorials

PasswordRecovery

The PasswordRecovery control provides the functionality to retrieve or reset a user�s password based on their username. The information is then emailed to the user. The control does not support displaying the password to the user in their web browser. Security Note: It may be possible for the email containing the user�s password to be intercepted by hackers and thus compromise the user�s account. The PasswordRecovey control uses the Membership service to retrieve or reset the user�s password. The default Membership provider from your configuration file will be used automatically, however you can also set the Membership provider as a property on the control. The PasswordRecovery control honors the following Membership configuration settings:
  • requiresQuestionAndAnswer When set to true the Question view will be required for the user�s password to be retrieved or reset. When set to false the Question view is not displayed to the user.
  • passwordFormat If the passwordFormat is set to hashed, the control will be unable to retrieve the password and will only attempt to reset the password.
  • enablePasswordRetrieval When set to false the control will attempt to reset the password.
  • enablePasswordReset When set to true the password will be reset, if set to false and all retrieval options are also disallowed the control will be unable to recover the password for the user.
The PasswordRecovery control consists of three discrete views which are displayed to the user sequentially. The Username view is the first view shown to the user and it collects and submits the user�s name. The Question view is an optional view that is only displayed if the security question (e.g. pet�s name) is required to retrieve or reset the password. The Success view is an optional view that is displayed when the password has been successfully retrieved or reset for the user. In addition to the success view the control supports redirecting the user to new page if they are successful. Key elements of the PasswordRecovery Control are:
  • Username Label and Textbox: Collects the string used to identify the user in the membership system.
  • Question Label and Answer Textbox: Displays the security confirmation question and collects the answer.
  • SubmitButton: The button that fires the user and question views.
  • SuccessText : Text displayed when the password has been successfully reset.
  • Title and Instruction (Username and Success views): Text to orient and guide the user through the process.
  • Link: Configurable link to help information.
  • Validators: Required field validators for the username and security answer textboxes.
In addition to the visual elements displayed to the user on the web site, the PasswordRecovery control also contains a MailDefintion that determines the content of the email that is sent to the user. The PasswordRecovery control contains a default email message that is sent to the user, however you can customize this behavior and add your own text or html file to be used as the body of the message. If you are creating your own email file the control will automatically insert the user�s username and password for the following strings: < %UserName%> <%Password%> in the designated email file.

Sample Notes:
  • For sample purposes the PasswordRecovery email is not sent in these samples.
  • The samples for this control use Master Pages to provide the information that is used to logon a user. For more information on Master Pages .
  • SECURITY NOTE: The most secure passwordFormat is hashed. The hashed option only supports enablePasswordReset. If you need to enablePasswordRetrieval the most secure format is encrypted. Encypting your password requires a pre-defined machinekey. To enable these samples to run on all machines without machine key configuration and with a consistent password we are using the clear password format. In production you should change this setting in the Membership provider in web.config.

Simple PasswordRecovery Sample

This sample demonstrates the basic PasswordRecovery control behavior when a security question is required by the Membership provider.

VB PasswordRecovery
Run Sample View Source

PasswordRecovery Behaviors

There are a variety of ways to customize the PasswordRecovery control to meet your needs. Some of the means of customization are:
  • MailDefinition: Change the mail message that is sent to your users with their retrieved or reset password.
  • TextLayout: Determines if the text will be displayed on top of the textboxes or on the side.
  • SuccessPageUrl: Determines what web page a user will be redirected to when their password recovery is successful. If there is a SuccessPasswordUrl, the user will not be shown the Success view of the control.
  • HelpLink: Displaying a help link and associated icon.

PasswordRecovery Behaviors Sample

This sample demonstrates the SuccessPageUrl, setting some MailDefinition properties and displaying the HelpLink.

VB PasswordRecovery Behaviors
Run Sample View Source

PasswordRecovery Styles

The PasswordRecovery control supports customizing the look of the control through a series of style properties that control different parts of the control.
  • Control Style: Applies to all sections of the PasswordRecovery control and is merged with other styles set on the control.
  • Label Style: Applies to the username, question and answer labels.
  • TextboxStyle: Applies to the username and question textboxes.
  • TitleTextStyle: Applies to the title text on the different views.
  • SuccessTextStyle: Applies to the text on the success views.
  • InstructionTextStyle: Applies to the instruction text.
  • HyperlinkStyle: Applies to the help link.
  • SubmitButtonStyle: Applies to the buttons on username and question views.
  • FailureTextStyle: Applies to the text returned if the membership system fails to reset or retrieve the password.
  • ValidatorTextStyle: Applies to the text displayed if the required field valuators fail.

PasswordRecovery Styles Sample

This sample demonstrates a variety of the style properties.

VB PasswordRecovery Styles
Run Sample View Source

PasswordRecovery Templates

The PasswordRecovery control is a composite control which unites child controls (e.g. textboxes, buttons) and additional logic (calling Membership, handling errors) to implement the PasswordRecovery functionality. For even more control over the display of the PasswordRecovery control you can template the control. To ensure that the PasswordRecovery control continues to function when it is templated, your control must use well known control IDs or command names for some of the child controls. In addition to the key controls required for functionality (e.g. textboxes) additional controls with well known IDs are supported and will be automatically hooked up to the PasswordRecovery functionality. Here is a list of control IDs and command names that are used in template editing mode:
  • ID=UserName
  • ID=Password
  • ID=Question
  • ID=Answer
  • ID=FailureText
  • CommandName=Submit This control can have any control ID but must support command bubbling.
You can add additional functionality to the PasswordRecovery control through templating. For example, you can collect additional information from the user by adding additional controls to the template.

PasswordRecovery FindControl Template Sample

This sample contains a basic templated PasswordRecovery (no fancy styles) which collects an additional piece of information in the UserNameTemplate. The sample shows how to find and retrieve the information from the DropDownList and write it to a label.

VB PasswordRecovery Templates
Run Sample View Source