Introduction: In this article I
am going to explain with example How to get or recover and reset/change/update the password that you forgot or lost by using reset password activation link in email id in asp.net using both C# and VB.Net
languages
Description: In previous related article i explained How to create Login page/form and check username,password in asp.net using sql server database and Create Change password form/page in asp.net using Sql server and Encrypt and decrypt username,password and store in Sql Server database and Check login in asp.net by passing parameter to stored procedure in sql server and Ajax PasswordStrength indicator example in asp.net for password field .And now to recover and reset the forgotten password.
The concept is very simple. Below are the steps to implement the option of resetting the forgotten password:
The concept is very simple. Below are the steps to implement the option of resetting the forgotten password:
- First User will supply his/her Email Id or User Name and click on submit Button.
- Supplied username or email address will be checked against the Sql server database table "Tbl_Login" and if username or email id is matched then a unique random code will be generated and updated in the UniqueCode field of the "Tbl_Login" table.
- Then this generated unique code and the username or email id will be set in the QueryString parameters and a link with this query string will be sent to the email address of the recover password requester.
- Requester will check his email id and click on the reset password activation link. On clicking he will be redirected to the Reset password page from where he can reset his password.
- The activation link is for one time use only. Once the password has been updated, it will not show the panel again to reset password.
Implementation: Lets’ create an
asp.net web application to understand the concept practically.
- Create a Database in Sql Server and name it "MyDataBase" and also create a table in that database with the fields and data type as shown below and name it "Tbl_Login"
Column
Name
|
Data
Type
|
Id
|
Int(primary Key. So set Is Identity=True)
|
UserName
|
varchar(100)
|
EmailId
|
varchar(100)
|
Pwd
|
varchar(50)
|
UniqueCode
|
varchar(100)
|
- In the web.config file create the connection string in the <configuration> tag to connect our application with the Sql server database as:
<connectionStrings>
<add name="conStr" connectionString="Data Source=lalit;Initial Catalog=MyDataBase;Integrated
Security=True"/>
</connectionStrings>
Note: Replace the Data Source and the Initial Catalog(i.e. database name) as per your application.
Note: Replace the Data Source and the Initial Catalog(i.e. database name) as per your application.
- We will create two pages. One page "ForgotPassword.aspx" from where user will supply his email id or username to get the reset password activation link on his email address as shown in first image above. And also another page "ResetPassword.aspx" which will be opened on clicking the reset password link provided in the email id for resetting the password as shown in second image above.
Asp.Net C# Section:
- So add a page and name it “ForgotPassword.aspx” and design the page as:
HTML Source Code:
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<title>Forgot password ? Recover Password By Email Or User Name example</title>
</head>
<body>
<form id="form1" runat="server">
<div>
<fieldset style="width:380px;">
<legend>Recover Password By Email Or User Name</legend>
<table>
<tr>
<td>UserName : </td><td>
<asp:TextBox ID="txtUserName"
runat="server"></asp:TextBox>
</td>
</tr>
<tr>
<td colspan="2"> OR</td>
</tr>
<tr>
<td>Email Id : </td><td>
<asp:TextBox ID="txtEmailId"
runat="server"></asp:TextBox><br />
<asp:RegularExpressionValidator
ID="revEmailId"
runat="server"
ErrorMessage="Please
enter valid email address"
ControlToValidate="txtEmailId"
Display="Dynamic"
ForeColor="Red"
SetFocusOnError="True"
ValidationExpression="\w+([-+.']\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*"></asp:RegularExpressionValidator>
</td>
</tr>
<tr>
<td> </td><td>
<asp:Button ID="btnSubmit"
runat="server"
Text="Submit"
onclick="btnSubmit_Click"
/>
</td>
</tr>
<tr>
<td colspan="2">
<asp:Label ID="lblStatus"
runat="server"
Text=""></asp:Label>
</td>
</tr>
</table>
</fieldset>
</div>
</form>
</body>
</html>
Note: I have also implemented the necessary validations on the textbox controls using asp.net's validation controls.
Asp.Net C# Code to recover and reset the forgotten or lost password
- In the Code behind File (ForgotPassword.aspx.cs) write the code as:
First include the following
required namespaces:
using System.Data;
using System.Data.SqlClient;
using System.Configuration;
using System.Text;
then write the code on Submit
button’s click event as:
protected void btnSubmit_Click(object
sender, EventArgs e)
{
string uniqueCode = string.Empty;
SqlCommand cmd = new
SqlCommand();
SqlDataReader dr;
try
{
SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["conStr"].ConnectionString);
if (con.State == ConnectionState.Closed)
{
con.Open();
}
// get the records matching the supplied
username or email id.
cmd = new SqlCommand("select
* from Tbl_Login where UserName COLLATE Latin1_general_CS_AS=@username or
EmailId COLLATE Latin1_general_CS_AS=@emailId", con);
cmd.Parameters.AddWithValue("@username",
Convert.ToString(txtUserName.Text.Trim()));
cmd.Parameters.AddWithValue("@emailId",
Convert.ToString(txtEmailId.Text.Trim()));
dr = cmd.ExecuteReader();
cmd.Dispose();
if (dr.HasRows)
{
dr.Read();
//generate unique
code
uniqueCode = Convert.ToString(System.Guid.NewGuid());
//Updating an unique random code in then
UniquCode field of the database table
cmd = new SqlCommand("update Tbl_Login set UniqueCode=@uniqueCode where
UserName=@username or EmailId=@emailid", con);
cmd.Parameters.AddWithValue("@uniqueCode",
uniqueCode);
cmd.Parameters.AddWithValue("@username",
txtUserName.Text.Trim());
cmd.Parameters.AddWithValue("@emailid",
txtEmailId.Text.Trim());
StringBuilder strBody = new StringBuilder();
//Passing emailid,username and generated
unique code via querystring. For testing pass your localhost number and while
making online pass your domain name instead of localhost path.
strBody.Append("<a
href=http://localhost:2464/SampleApplication/ResetPassword.aspx?emailId="
+ txtEmailId.Text + "&uName="
+ txtUserName.Text + "&uCode="
+ uniqueCode + ">Click here to change your
password</a>");
// sbody.Append("&uCode=" +
uniqueCode + "&uName=" + txtUserName.Text + ">Click here
to change your password</a>");
System.Net.Mail.MailMessage mail = new System.Net.Mail.MailMessage("SenderEmailIAddress@gmail.com", dr["EmailId"].ToString(), "Reset Your Password", strBody.ToString());
//pasing the Gmail credentials to send the
email
System.Net.NetworkCredential
mailAuthenticaion = new System.Net.NetworkCredential("SenderEmailIAddress@gmail.com",
"SenderPassword");
System.Net.Mail.SmtpClient mailclient = new
System.Net.Mail.SmtpClient("smtp.gmail.com", 587);
mailclient.EnableSsl = true;
mailclient.UseDefaultCredentials = false;
mailclient.Credentials = mailAuthenticaion;
mail.IsBodyHtml = true;
mailclient.Send(mail);
dr.Close();
dr.Dispose();
cmd.ExecuteReader();
cmd.Dispose();
con.Close();
lblStatus.Text = "Reset password link
has been sent to your email address";
txtEmailId.Text = string.Empty;
txtUserName.Text = string.Empty;
}
else
{
lblStatus.Text = "Please enter valid
email address or username";
txtEmailId.Text = string.Empty;
txtUserName.Text = string.Empty;
con.Close();
return;
}
}
catch (Exception
ex)
{
lblStatus.Text = "Error Occured: "
+ ex.Message.ToString();
}
finally
{
cmd.Dispose();
}
}
Note: I have used the COLLATE Latin1_general_CS_AS in the above code to check for the exact username or email id match because COLLATE Latin1_general_CS_AS is used to make the sql queries case sensitive. e.g. if the username is demo and email id is demo@domain.com then if user enters Demo in username or Demo@domain.com in email id field then it will not match and will not fetch the records and a message "Please enter valid email address or username" will be displayed
- Now add another page and name it “ResetPassword.aspx” and design the page as:
HTML Source Code:
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<title>Reset Password Example</title>
</head>
<body>
<form id="form1" runat="server">
<div>
<asp:Panel ID="ResetPwdPanel"
runat="server"
Visible="false"
>
<fieldset style="width:400px">
<legend>Reset Password</legend>
<table>
<tr>
<td>New password: </td><td>
<asp:TextBox ID="txtNewPwd"
runat="server"></asp:TextBox><br />
<asp:RequiredFieldValidator
ID="rfvNewPwd"
runat="server"
ControlToValidate="txtNewPwd"
Display="Dynamic"
ErrorMessage="Please
enter new password" ForeColor="Red" SetFocusOnError="True"></asp:RequiredFieldValidator>
</td>
</tr>
<tr>
<td>Confirm Passsword: </td><td>
<asp:TextBox ID="txtConfirmPwd"
runat="server"></asp:TextBox><br />
<asp:RequiredFieldValidator
ID="rfvConfirmPwd"
runat="server"
ControlToValidate="txtConfirmPwd"
Display="Dynamic"
ErrorMessage="Please
re-enter password to confirm" ForeColor="Red"
SetFocusOnError="True"></asp:RequiredFieldValidator>
<asp:CompareValidator ID="cmvConfirmPwd"
runat="server"
ControlToCompare="txtNewPwd"
ControlToValidate="txtConfirmPwd"
Display="Dynamic"
ErrorMessage="Password
didn't match" ForeColor="Red"
SetFocusOnError="True"></asp:CompareValidator>
</td>
</tr>
<tr>
<td>
</td><td>
<asp:Button ID="btnChangePwd"
runat="server"
Text="Change
Password"
onclick="btnChangePwd_Click"
/></td>
</tr>
<tr>
<td
colspan="2">
<asp:Label ID="lblStatus"
runat="server"
Text=""></asp:Label>
</td>
</tr>
</table>
</fieldset>
</asp:Panel>
<asp:Label ID="lblExpired"
runat="server"
Text=""
style="color: #FF0000"></asp:Label>
</div>
</form>
</body>
</html>
- Now in the code behind file(“ResetPassword.aspx.cs”) write the code as:
First include the following
required namespaces:
using System.Data;
using System.Data.SqlClient;
using System.Configuration;
then write the code on page load
event and change password button’s click
event as:
SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["conStr"].ConnectionString);
SqlCommand cmd = new
SqlCommand();
protected void
Page_Load(object sender, EventArgs e)
{
if (!Page.IsPostBack)
{
SqlDataReader dr;
try
{
//Here we will check from the passed
querystring that if the email id/username and generated unique code is same
then the panel for resetting password will be visible otherwise not
cmd = new SqlCommand("select UserName,EmailId,UniqueCode from Tbl_Login where UniqueCode=@uniqueCode and
(EmailId=@emailid or UserName=@username)", con);
cmd.Parameters.AddWithValue("@uniqueCode",
Convert.ToString(Request.QueryString["uCode"]));
cmd.Parameters.AddWithValue("@emailid",
Convert.ToString(Request.QueryString["emailId"]));
cmd.Parameters.AddWithValue("@username",
Convert.ToString(Request.QueryString["uName"]));
if (con.State == ConnectionState.Closed)
{
con.Open();
}
dr = cmd.ExecuteReader();
if (dr.HasRows)
{
ResetPwdPanel.Visible = true;
}
else
{
ResetPwdPanel.Visible = false;
lblExpired.Text = "Reset password link has expired.It was for one time
use only";
return;
}
dr.Close();
dr.Dispose();
}
catch (Exception
ex)
{
lblStatus.Text = "Error Occured: "
+ ex.Message.ToString();
}
finally
{
cmd.Dispose();
con.Close();
}
}
}
protected void
btnChangePwd_Click(object sender, EventArgs e)
{
try
{ //
Here we will update the new password and also set the unique code to null so
that it can be used only for once.
cmd = new SqlCommand("update Tbl_Login set UniqueCode='',Pwd=@pwd where
UniqueCode=@uniqueCode and (EmailId=@emailid or UserName=@username)",
con);
cmd.Parameters.AddWithValue("@uniqueCode",
Convert.ToString(Request.QueryString["uCode"]));
cmd.Parameters.AddWithValue("@emailid",
Convert.ToString(Request.QueryString["emailId"]));
cmd.Parameters.AddWithValue("@username",
Convert.ToString(Request.QueryString["uName"]));
cmd.Parameters.AddWithValue("@pwd",
txtNewPwd.Text.Trim());
if (con.State == ConnectionState.Closed)
{
con.Open();
}
cmd.ExecuteNonQuery();
lblStatus.Text = "Your password has
been updated successfully.";
txtNewPwd.Text = string.Empty;
txtConfirmPwd.Text = string.Empty;
}
catch (Exception
ex)
{
lblStatus.Text = "Error Occured :
" + ex.Message.ToString();
}
finally
{
cmd.Dispose();
con.Close();
}
}
---------------------------------------------------------------------------------------------------
Asp.Net VB Section:
HTML Source Code
- Design the "ForgotPassword.aspx" as described in the C#.Net section but replace the line
<asp:Button ID="btnSubmit"
runat="server"
Text="Submit"
onclick="btnSubmit_Click"
/>
With
<asp:Button ID="btnSubmit"
runat="server"
Text="Submit"
/>
Asp.Net VB Code to recover and change the lost password
- In the code behind file (ForgotPassword.aspx.vb) write the code as:
First of all import the following
namespaces
Imports System.Data
Imports System.Data.SqlClient
Imports System.Configuration
Imports System.Text
Then write the code on Submit button’s click
event as:
Protected Sub btnSubmit_Click(sender As
Object, e As
System.EventArgs) Handles
btnSubmit.Click
Dim uniqueCode As String = String.Empty
Dim cmd As New SqlCommand()
Dim dr As SqlDataReader
Try
Dim con As
New SqlConnection(ConfigurationManager.ConnectionStrings("conStr").ConnectionString)
If con.State = ConnectionState.Closed
Then
con.Open()
End If
' get the records matching the supplied
username or email id.
cmd = New SqlCommand("select * from Tbl_Login where UserName COLLATE
Latin1_general_CS_AS =@username or EmailId COLLATE Latin1_general_CS_AS =@emailId",
con)
cmd.Parameters.AddWithValue("@username",
Convert.ToString(txtUserName.Text.Trim()))
cmd.Parameters.AddWithValue("@emailId",
Convert.ToString(txtEmailId.Text.Trim()))
dr = cmd.ExecuteReader()
cmd.Dispose()
If dr.HasRows Then
dr.Read()
'generate unique code
uniqueCode = Convert.ToString(System.Guid.NewGuid())
'Updating an unique random code in then
UniquCode field of the database table
cmd = New SqlCommand("update Tbl_Login set UniqueCode=@uniqueCode where
UserName=@username or EmailId=@emailid", con)
cmd.Parameters.AddWithValue("@uniqueCode",
uniqueCode)
cmd.Parameters.AddWithValue("@username",
txtUserName.Text.Trim())
cmd.Parameters.AddWithValue("@emailid",
txtEmailId.Text.Trim())
Dim strBody As
New StringBuilder()
'Passing emailid,username and generated unique
code via querystring. For testing pass your localhost number and while making
online pass your domain name instead of localhost path.
strBody.Append(("<a
href=http://localhost:2464/SampleApplication/ResetPasswordVB.aspx?emailId="
+ txtEmailId.Text & "&uName=")
+ txtUserName.Text & "&uCode="
& uniqueCode & ">Click here to
change your password</a>")
' sbody.Append("&uCode=" +
uniqueCode + "&uName=" + txtUserName.Text + ">Click here
to change your password</a>");
Dim mail As
New System.Net.Mail.MailMessage("SenderEmailAddress@gmail.com", dr("EmailId").ToString(), "Reset Your Password",
strBody.ToString())
'pasing the Gmail credentials to send the
email
Dim mailAuthenticaion As New System.Net.NetworkCredential("SenderEmailAddress@gmail.com",
"SenderPassword")
Dim mailclient As
New System.Net.Mail.SmtpClient("smtp.gmail.com", 587)
mailclient.EnableSsl = True
mailclient.UseDefaultCredentials = false
mailclient.Credentials = mailAuthenticaion
mail.IsBodyHtml = True
mailclient.Send(mail)
dr.Close()
dr.Dispose()
cmd.ExecuteReader()
cmd.Dispose()
con.Close()
lblStatus.Text = "Reset password link
has been sent to your email address"
txtEmailId.Text = String.Empty
txtUserName.Text = String.Empty
Else
lblStatus.Text = "Please enter valid
email address or username"
txtEmailId.Text = String.Empty
txtUserName.Text = String.Empty
con.Close()
Return
End If
Catch ex As Exception
lblStatus.Text = "Error Occured: "
& ex.Message.ToString()
Finally
cmd.Dispose()
End Try
End Sub
HTML Source Code:
- Add a new page and name it “ResetPassword.aspx” and design the page as described in the C#.Net section’s "ResetPassword.aspx" but replace the line
<asp:Button ID="btnChangePwd"
runat="server"
Text="Change
Password"
onclick="btnChangePwd_Click" />
with
<asp:Button ID="btnChangePwd"
runat="server"
Text="Change
Password” />
- In the Code behind file (ResetPassword.aspx.vb) write the code as:
First import the required
namespaces
Imports System.Data
Imports System.Data.SqlClient
Imports System.Configuration
Then write the code as:
Dim con As New SqlConnection(ConfigurationManager.ConnectionStrings("conStr").ConnectionString)
Dim cmd As New SqlCommand()
Protected Sub
Page_Load(sender As Object,
e As System.EventArgs)
Handles Me.Load
If Not
Page.IsPostBack Then
Dim dr As
SqlDataReader
Try
'Here we will check from the passed
querystring that if the email id/username and generated unique code is same
then the panel for resetting password will be visible otherwise not
cmd = New SqlCommand("select UserName,EmailId,UniqueCode from
Tbl_Login" & vbTab & "where
UniqueCode=@uniqueCode and (EmailId=@emailid or UserName=@username)",
con)
cmd.Parameters.AddWithValue("@uniqueCode",
Convert.ToString(Request.QueryString("uCode")))
cmd.Parameters.AddWithValue("@emailid",
Convert.ToString(Request.QueryString("emailId")))
cmd.Parameters.AddWithValue("@username",
Convert.ToString(Request.QueryString("uName")))
If con.State = ConnectionState.Closed
Then
con.Open()
End If
dr = cmd.ExecuteReader()
If dr.HasRows Then
ResetPwdPanel.Visible = True
Else
ResetPwdPanel.Visible = False
lblExpired.Text = "Reset password link has expired.It was for one time
use only"
Return
End If
dr.Close()
dr.Dispose()
Catch ex As
Exception
lblStatus.Text = "Error Occured: "
& ex.Message.ToString()
Finally
cmd.Dispose()
con.Close()
End Try
End If
End Sub
Protected Sub
btnChangePwd_Click(sender As Object, e As System.EventArgs) Handles
btnChangePwd.Click
Try
' Here we will update the new password and
also set the unique code to null so that it can be used only for once.
cmd = New SqlCommand("update Tbl_Login set UniqueCode='',Pwd=@pwd where
UniqueCode=@uniqueCode and (EmailId=@emailid or UserName=@username)",
con)
cmd.Parameters.AddWithValue("@uniqueCode",
Convert.ToString(Request.QueryString("uCode")))
cmd.Parameters.AddWithValue("@emailid",
Convert.ToString(Request.QueryString("emailId")))
cmd.Parameters.AddWithValue("@username",
Convert.ToString(Request.QueryString("uName")))
cmd.Parameters.AddWithValue("@pwd",
txtNewPwd.Text.Trim())
If con.State = ConnectionState.Closed
Then
con.Open()
End If
cmd.ExecuteNonQuery()
lblStatus.Text = "Your password has
been updated successfully."
txtNewPwd.Text = String.Empty
txtConfirmPwd.Text = String.Empty
Catch ex As Exception
lblStatus.Text = "Error Occured :
" & ex.Message.ToString()
Finally
cmd.Dispose()
con.Close()
End Try
End Sub
Run the "ForgotPassword.aspx" page and enter username or email id and click on submit button.It will send reset password link on your email id. Check your email and click on the reset password link. You will be redirected to the "ResetPassword.aspx" page from where you can update your password.
Once updated the reset password link will now redirect to the same "ResetPassword.aspx" page but now you will not be able to update the password because it was for one time use only.
Run the "ForgotPassword.aspx" page and enter username or email id and click on submit button.It will send reset password link on your email id. Check your email and click on the reset password link. You will be redirected to the "ResetPassword.aspx" page from where you can update your password.
Once updated the reset password link will now redirect to the same "ResetPassword.aspx" page but now you will not be able to update the password because it was for one time use only.
Now over to you:
"If you like my work; you can appreciate by leaving your comments, hitting Facebook like button, following on Google+, Twitter, Linked in and Pinterest, stumbling my posts on stumble upon and subscribing for receiving free updates directly to your inbox . Stay tuned for more technical updates."
"If you like my work; you can appreciate by leaving your comments, hitting Facebook like button, following on Google+, Twitter, Linked in and Pinterest, stumbling my posts on stumble upon and subscribing for receiving free updates directly to your inbox . Stay tuned for more technical updates."
17 comments
Click here for commentsnice work sir
Replyi was searching for this code from long time thanks ...
ReplyCan u give the any link to download the source code
Replyas other authors do......
I will be thankful to u
thanks for your appreciation..
ReplyI suggest you to read and create your own demo application by following this article..this way you will better understand the flow and the code logic..
Replythankyou sir you are superb
ReplyThanks for appreciating my work..keep reading..
ReplyReally best site for beginners..!!
ReplyThanks for your appreciations..stay connected and keep reading for more useful updates..:)
Replythis way anyone can recover password and any one can change password.....
Replythis way anyone can recover password as well as anyone can set new password
ReplyHello Dinesh..you need to put your "username" or "email id" and it that are matched only then you will receive the link on your "email id" to reset your password. So only you can reset your password not any one..
ReplyNice Article , very helpful for beginners.
ReplyIf u don't mind , can u pls clarify the code & logic for "The activation link is for one time use only. "
Thanks a lot.
ReplyYour welcome kadir Ansari...keep reading for more useful updates like this..:)
ReplyThanks a lot...
ReplyIt works great...
i am glad this article helped you..keep reading for more useful articles like this
ReplyIf you have any question about any post, Feel free to ask.You can simply drop a comment below post or contact via Contact Us form. Your feedback and suggestions will be highly appreciated. Also try to leave comments from your account not from the anonymous account so that i can respond to you easily..