You, as software engineer, can use the PasswordRecovery control to solve the issues with all users who have forgotten their passwords. This control queries the user name from the user and afterward automatically displays the password question stored for the user in the credential store. If the user provides the correct for the password question, the password is mailed automatically to the e-mail address configured for the user. The next picture shows the PasswordRecovery control in action:
The PasswordRecovery control includes three customizable view modes:
1. The user has to enter his user name. When the user clicks the submit button, the control queries the password question through the membership API from the underlying credential store.
2. A question is then displayed, and the user is requested to enter the correct answer. When the user enters the correct answer, an automatically generated password or the stored password is sent to the user’s e-mail address specified during the registration process (or when the user was created through the WAT).
3. A confirmation view is displayed if e-mail is sent successfully. Any mail configuration takes place through the control’s properties, as you can see below.
The password can be sent to the user only if it is not hashed. Therefore, the membership provider must be configured in a way that it stores the passwords either encrypted or in clear-text format. If the membership provider stores the password in a hashed form, it automatically generates a new, random password and sends the new password in the e-mail. The next code snippet shows how to use MailDefinition subelement of the PasswordRecovery control to set basic properties:
<asp:PasswordRecovery ID=”PasswordRecoveryCtrl” runat=”server”BackColor=”Azure” BorderColor=”Black” BorderStyle=”solid”><MailDefinition From=”firstname.lastname@example.org”Subject=”Forgotten Password”Priority=”high” /><TitleTextStyle Font-Bold=”true” Font-Italic=”true” BorderStyle=”dotted” /><TextBoxStyle BackColor=”Yellow” BorderStyle=”double” /><FailureTextStyle Font-Bold=”true” ForeColor=”Red” /></asp:PasswordRecovery>
Note: Through the BodyFileName of theMailDefinition subelement, you can specify the name of a file containing the e-mail text. This file has to be in the same directory as the page where the control is hosted. If the control is hosted within another user control, the file has to be in the directory of the user control’s host page.
The control requires an e-mail SMTP server for sending the e-mail message. It relies on the SmtpClient class in the System.Net.Mail namespace, which you can use in any type of application. You can configure this class in the <system.net> configuration section of your application’s configuration file. Therefore, you have to configure the SMTP mail server in your web.config file, as follows:
<system.net><mailSettings><smtp deliveryMethod=”Network” from=” email@example.com”><networkhost=”localhost”port=”25″defaultCredentials=”true” /></smtp></mailSettings></system.net>
The PasswordRecovery control supports different style properties for specifying formatting and layout options for the different parts of the control The control raises several different events during the password recovery process. You can handle these events if you want to customize the actions completed by the control. The next table lists these events:
Raised before the control starts validating the user name entered. Validating the user name means looking for the user in the membership store and retrieving the password question information.
If the user name entered in the user name text box doesn’t exist in the membership store, this event is raised before the failure text is displayed.
When the user clicks the submit button in the second step, the answer for the question is compared to the one stored in the membership store. This event is raised before this action takes place.
If the answer provided by the user is not correct, this event is raised by the control.
This event is raised by the control after the answer submitted by the user has been identified as the correct answer and before the e-mail is sent through the mail server.
If the e-mail cannot be sent for some reason (for example, the mail server is not available), this event is raised by the control.
You can use these events for preparing information before that information gets processed by the control. The next scenarios give more information about that:
– You can modify all letters in the user name before the control compares contents with the data stored in the membership store in the VerifyingUser event.
– You can use the VerifyingAnswer for preprocessing information before it gets processed by the control
Note: Both events get event arguments of type LoginCancelEventArgs, which contains a Cancel property. If you set this property to true, you can cancel the whole processing step.
– By handling SendingMail event you can modify the contents of the e-mail messages before the control actually sends the e-mail to the user. The passed MailMessageEventArgs contains a Message property that represents the actual e-mail message. By modifying the Message’s properties, such as the Attachments collection, you can add attachments, configure a CC address, or do anything else related to the e-mail message.