I have a PasswordRecovery control set up on an ascx control as shown below. In some cases users have gotten two emails with different passwords sent at the same time. They're insistent that they haven't hit the button twice. I am using the CSSFriendly adapters, so I can take that off and see if it corrects the problem. Otherwise I suppose I could put this on the aspx page rather than a control.
I am new to asp.net 4.0 and I am having a hard time changing the PasswordRecovery to email instead of username. here is my aspx page (the page won't hit the vb code unless i enter the username not the email)
Is it possible to use the PasswordRecovery control to recover a password using the email address instead of the user name?
Ideally I'd like to have the PasswordRecovery control allow users to enter their email address instead of their user name and then proceed to answer the security question.
I am using the ASP.NET membership provider controls (ChangePassword and PasswordRecovery) and they generally work just fine. Unfortunately they don't send any emails once the process is finished. I set up the SMTP server using the ASP.NET Configuration Website and it added the following lines to the web.config:
I also tried using the IP adress of the server instead of the domain. In addition to that I set the maildefinition properties on the used web controls:
<MailDefinition From="maildaemon@pagetailors.de" Subject="Your new password"> </MailDefinition>
Once I finish changing or resetting the password, the controls shows the success message. It does not show any errors but the mails are not sent. I also checked the SMTP log files on the server (it's a MailEnable server) but couldn't even find an attempt to send these messages. I am using a custom email helper class which manually sends an email using the following settings:
public static void SendEmail(string from, string to, string subject, string body) { SmtpClient mailClient = new SmtpClient(ConfigReader.GetStringValue("MailServer")); mailClient.Credentials = new NetworkCredential(ConfigReader.GetStringValue("MailUsername"), ConfigReader.GetStringValue("MailPassword")); MailMessage mailMessage = new MailMessage(from, to, subject, body); mailClient.Send(mailMessage); }
The values for mailserver, username and password read from the config file are the same as defined in the ASP.NET configuration tool. These mails are delivered successfully.
Having spent considerable amount of time in ASP.NET security community I would like to share this.
There are three ways of resetting and changing passwords explained at
Microsoft ASP.NET site[URL]
Step 1: Helping Users Recover Lost Passwords Step 2: Changing Passwords Step 3: Allowing Administrators to Change Users' Passwords
In step 1 and step 2 end user passwords are sent by an email.
In Step 3: functionality is explained where administror changing the password and sending through email msg. refer "I encourage those readers interested in this functionality to become more familiar with the code and try extending the functionality to include sending an email to the user whose password was changed. Query
Is Sending passwords by emial secure enough or best security password at all? I have implemented functionality where Admin sending passwords to end users by changing once in 3 months. End users expressed their views that sending passwords by email is not secure. When there is security threat in sending passwords by email, Microsoft security experts should not emailing passwords in above mentioned article, which is still up to date.
I'm building a forgot password feature for my first secure backend.
I want to email a url containing an encrypted parameter to the user which will lead them to a password reset form that can only be accessed via the url with the encrypted parameter.
But what if the email gets intercepted?? then anyone who intercepts it will have the link to the reset page.
Is there a way I can send a secure email? I know nothing about email really. Is it even possible to send a secure email? Can I encrypt the email, will that help? But if it is encrypted then how does the recipient read it?
I'm building a website for a client on which they want site visitors to be able to fill out a form with the relevant information along with their credit card details, and when they submit the form, the information will be sent to the client in an email. This is an experimental services that they're offering so they're not interested in real time credit card processing yet. If I just zip the collected data up into a password protected zip file, and send that in an email to the client, would it be secure? Or do I have to go further than that to secure the data?
I was curious how some of you are sending out an email to a new user, are you sending more then one email with username and link in one and then the password in another, are you sending everything in one email, are you sending an email to the new user at all?I'm curious because my web site is not a self registering web site, Only a supervisor can create a new user and then that user gets an email. I'm trying to figure out the best way to send the new user an email with their credentials to the site.the users are outside users (vendors) though their username is created by an internal employee
I'm working on a project in VS 2010 that was created in VS 2005 & 2008. I am using the standard PasswordRecovery control. When a goes through the password recovery process, everything appears to be normal. They enter their user name, have to answer the security question, then the "Your password has been sent to you" message is displayed. But, the email is never received. I have tried user names with several different email addresses, but no messages are received. What is a good way to debug this? Here are my settings:
In web.config: <appSettings> <!-- The following line is set up for Gmail (otherwise, value="localhost") --> <add key="MailServer" value="[URL]"/>...
I was wondering if someone can direct me to a good quality tutorial on the process of registering and sending an activation link to the user's email address. I can't seem to find any useful tutorials online!
I want get code for how to stop sending mail when email format is wrong in password recovery control and getting error message and also how to getting error message, means how to stop that.
I have a password recovery control on my login page. I want to have it send the user specified (and after question/answer filled out correctly) password in an email. I keep throwing an error though, saying that the SMTP needs authentication. I've used a lot of email capabilities in my application, but I set all the SmtpClient properties programmatically, so I never had to rely on system.net mailSettings section of the web.config file. But now I am relying on it, because I am not intercepting any events (unless that would be easiest) of the password recovery control. Here is my system.net excerpt from my web.config file:
[Code]....
What am I not doing here to specify SMTP authentication? Why am I throwing this error? I'm putting my credentials in there with username and password. Am I not configuring the PasswordRecovery control correctly?
I'm using asp.net's built-in membership provider with security question-and-answer enabled for password recovery against a SQL Server 2005 db. For some users, this works fine and they're able to receive their passwords. For others, and it's not clear what separates the two groups, the security answer is never properly processed. It doesn't matter if the answer is correct or incorrect, the page merely reloads without confirming or denying the request.As for events, VerifyingAnswer is being triggered, but not AnswerLookupError (if answer is incorrect) or SendingMail (if answer is correct). I ran a SQL trace during one instance, and the aspnet_Membership_GetUserByName stored procedure is being called, but nothing else gets called after. I would expect that aspnet_Membership_GetPassword would be called, which passes the security answer as a parameter, but it isn't.
I have asked the following question multiple times but did not receive any proper reply.
I have a web page which is using PasswordRecovery control.
Its working fine but I have a scenario in which I have to disable Viewstate for the whole application.
Now after disabling viewstate when I visit the webpage I have noticed that PasswordRecovery controls is not working (Every times when I submit the default button to go to step 2, the postback occur but not moving to step 2).
I have set a job in sql server 2008 to send reminder emails for product expiration. Now I want a report which will specify the list of the emails sent with the email status details like queued ,sent,delivered, failed.
I can fetch the emails that are sent by querying the like following
select * from sysmail_mailitems SM inner join sysmail_profile SP on SM.Profile_Id = SP.Profile_Id and SP.Name ='ReminderProfile'
The problem is only getting a perfect status of email whether it is delived or failed. How I can get those status ?
i have an aspx page, that takes in user data (name, number & email) after that information gets submitted to me, I need to send an email to their input email, with a message of confirmation.
I am sending an email for forgot password to the user. i have formatted the body text of Email but when i have checked that email, it is coming without any formatting.
here is the formatting code which i am sending as a string.....
have code on a web form -- when you hit the button "send emails", it executes this sub which reads an SQL database table and sends emails one by one -- however I get this error above -- anyway to check it and skip to the next email? Some emails in my table have name@test.co.il for example, so it seems this causes this error.
I'm customizing the look and feel of the PasswordRecovery control. The problem is this. I've already set the "Search" button on my site as the default button. I've noticed that all the buttons used in customizing PasswordRecovery use "Button" as their IDs. So in my Page_Load() event, I tried this.Form.DefaultButton = pr1.FindControl("Button").UniqueID; where pr1 is the PasswordRecovery control. But I keep getting "Object reference not set to an instance of an object" error where I try to set Button as the default button.How do I make sure that the user can actually hit "Enter" to use PasswordRecovery as opposed to having to click the buttons?
how to make this work (I assume that no code behind is needed to make this work in its simplest form?).After user correctly answers the security question and presses submit, no email is sent. No message is displayed. Nothing. What is missing?
For reasons to long to go in to I have to change the behaviour/appearance of the Success page on our password recovery page.
We've been tasked with making the Success template identical to the UserName template i.e. with a label and text box for UserName and identical messages on both pages.
Basically our client wants no difference between successful password retireval and failure - the same message will display regardless e.g. "An email has been sent to <username> with your password."
Which reminds me - in the success/failure message they'd like the entered UserName to appear but I can only get it to appear if it's a valid username - if it's nonsense the UserName is blank.
