How to implement token to reset password?

Question

How to implement token to reset password?

Navigation

#1 by (4 votes)

3

I have an Asp.Net MVC project that I created without template (from scratch).
I would implement a function to recover password, but I'm not sure where to start.

What method is used to generate a secure Token that expires in a determined time? And what is the best way to generate a link with it?

I need to store the Token in the database or it is "alive" in the server memory by the given time?

When accessing the Token link, how do you validate it?

c# asp.net-mvc

asked by anonymous 23.09.2015 / 16:00

1 answer

How do I reposition the menu bar below the header? Add field when clicking button

score 4 · Accepted Answer

First you will need a table to store the password change requests, let's call it password_change_requests and you will need the following information.

Table id (recommended to be a GUID)

User Id

Time to expire

After creating this table your process should work as follows;

In the login screen it is recommended to have a "Forgot Password?" link, where the user will be taken to a page where he will enter his login or email and will have a "Continue" button.

After clicking "Continue" the system will save the user id in the password_change_requests table and will send an email to the user by passing the password_change_requests table id as a parameter in the url: link {id of the password_change_requests table}

When entering the page to register a new password the system will check if the id passed by query string exists in the password_change_requests table and if it is not expired.

If everything is in order the user can change his password.

After entering the new password you should delete this registry, thus preventing it from being used again.