Recovering Forgot Password by Send Reset Link in Asp.net

Introduction: In this article I have explain how we can Send Password Reset Link in Asp.net for one time use only.

Description:

In the last article I have explained Integrate Facebook Login authentication to website, How to Create Login Form in Asp.net OR Login Form with Check Username and Password aviabilty in Asp.net and How to Send an Email with Verification link to user in Asp.net after registration.

I create table USER_REGISTRATION:

ID	int
USERNAME	varchar(50)
FIRST_NAME	varchar(50)
LAST_NAME	varchar(50)
SEX	varchar(50)
EMAIL_ID	varchar(50)
PASSWORD	varchar(50)
CHANGE_PASSWORD_STATUS	bit

After that add a new webform to project and design the .aspx page as mention below:

<table align="center">

        <tr><td>Email:</td><td>

        <asp:TextBox ID="txtemail" runat="server" Width="150px"></asp:TextBox>

            <asp:RequiredFieldValidator ID="rfvemail" runat="server"

                ErrorMessage="Please Enter Email" ControlToValidate="txtemail"

                ForeColor="Red"></asp:RequiredFieldValidator>

            </td></tr>

        <tr><td>&nbsp;</td><td>

            <asp:Button ID="btnsend" runat="server" Text="Send" onclick="btnsend_Click" /></td></tr>

        </table>

Note: Please do not forget to add ConnectionString in web.config file:

<connectionStrings>

    <add name="con" connectionString="Data Source=SYS-1F78031ED0A;Initial Catalog=TestBlog;Integrated Security=True" /> 

  </connectionStrings>

Now on button click write the below given code (.aspx.cs):

using System.Data;

using System.Data.SqlClient;

using System.Configuration;

using System.Net.Mail;

using System.Text;

SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["Connection"].ToString());

    DataTable dt = new DataTable();   

protected void btnsend_Click(object sender, EventArgs e)

    {

        try

        {

            SqlDataAdapter adp = new SqlDataAdapter("select * FROM USER_REGISTRATION where EMAIL_ID=@EMAIL_ID", con);

            con.Open();

            adp.SelectCommand.Parameters.AddWithValue("@EMAIL_ID", txtemail.Text);

            adp.Fill(dt);

            if (dt.Rows.Count > 0)

            {               

                SqlCommand cmd = new SqlCommand("Update USER_REGISTRATION set CHANGE_PASSWORD_STATUS=1 where EMAIL_ID='"+txtemail.Text+ "'", con);              

                cmd.ExecuteNonQuery();              

                SendEmail();               

                Messagebox("Password Reset Link Send to Your Email Please Check the Email");

                con.Close();

                cmd.Dispose();

                txtemail.Text = "";

            }

        }

        catch (Exception ex)

        {

        }

    }

    private void SendEmail()

    {

        try

        {

            StringBuilder sb = new StringBuilder();

             sb.Append("Hi,<br/> Click on below given link to Reset Your Password<br/>");

            sb.Append("<a href=http://localhost:1207/NEW_WEBSITE_APPLICATION%2818-07-2013%29/Reset_Link.aspx?username=" + GetUserID(txtemail.Text));

            sb.Append("&email=" + txtemail.Text + ">Click here to change your password</a><br/>");

            sb.Append("<b>Thanks</b>,<br> Support Team");

            MailMessage message = new System.Net.Mail.MailMessage("Sender Email Address", txtemail.Text.Trim(), "Reset Your Password", sb.ToString());

            SmtpClient smtp = new SmtpClient();

            smtp.Host = "smtp.gmail.com";

            smtp.Port = 587;

            smtp.Credentials = new System.Net.NetworkCredential("Sender Email Address", "Password");

            smtp.EnableSsl = true;

            message.IsBodyHtml = true;

            smtp.Send(message);

        }

        catch (Exception ex)

        {

        }

    }

    private string GetUserID(string Email)

    {

        SqlCommand cmd = new SqlCommand("SELECT USERNAME FROM USER_REGISTRATION WHERE EMAIL_ID=@EMAIL_ID", con);

        cmd.Parameters.AddWithValue("@EMAIL_ID", txtemail.Text);

        string USERNAME = cmd.ExecuteScalar().ToString();

        return USERNAME;

    }

    private void Messagebox(string Message)

    {

        Label lblMessageBox = new Label();

        lblMessageBox.Text =

            "<script language='javascript'>" + Environment.NewLine +

            "window.alert('" + Message + "')</script>";

        Page.Controls.Add(lblMessageBox);

    }

In VB (.aspx.vb)

Imports System.Data

Imports System.Data.SqlClient

Imports System.Configuration

Imports System.Net.Mail

Imports System.Text

Dim con As New SqlConnection(ConfigurationManager.ConnectionStrings("Connection").ToString())

    Dim dt As New DataTable()

    Protected Sub btnsend_Click(ByVal sender As Object, ByVal e As EventArgs)

        Try

            Dim adp As New SqlDataAdapter("select * FROM USER_REGISTRATION where EMAIL_ID=@EMAIL_ID", con)

            con.Open()

            adp.SelectCommand.Parameters.AddWithValue("@EMAIL_ID", txtemail.Text)

            adp.Fill(dt)

            If dt.Rows.Count > 0 Then

                Dim cmd As New SqlCommand("Update USER_REGISTRATION set CHANGE_PASSWORD_STATUS=1 where EMAIL_ID='" + txtemail.Text & "'", con)

                cmd.ExecuteNonQuery()

                SendEmail()

                Messagebox("Password Reset Link Send to Your Email Please Check the Email")

                con.Close()

                cmd.Dispose()

                txtemail.Text = ""

            End If

        Catch ex As Exception

        End Try

    End Sub

Private Sub SendEmail()

        Try

            Dim sb As New StringBuilder()

            sb.Append("Hi,<br/> Click on below given link to Reset Your Password<br/>")

            sb.Append("<a href=http://localhost:1207/NEW_WEBSITE_APPLICATION%2818-07-2013%29/Reset_LinkVB.aspx?username=" & GetUserID(txtemail.Text))

            sb.Append("&email=" + txtemail.Text & ">Click here to change your password</a><br/>")

            sb.Append("<b>Thanks</b>,<br> Support Team")

            Dim message As MailMessage = New System.Net.Mail.MailMessage("Sender Email Address", txtemail.Text.Trim(), "Reset Password", sb.ToString())

            Dim smtp As New SmtpClient()

            smtp.Host = "smtp.gmail.com"

            smtp.Port = 587

            smtp.Credentials = New System.Net.NetworkCredential("Sender Email Address", "Password")

            smtp.EnableSsl = True

            message.IsBodyHtml = True

            smtp.Send(message)

        Catch ex As Exception

        End Try

    End Sub

    Private Function GetUserID(ByVal Email As String) As String

        Dim cmd As New SqlCommand("SELECT USERNAME FROM USER_REGISTRATION WHERE EMAIL_ID=@EMAIL_ID", con)

        cmd.Parameters.AddWithValue("@EMAIL_ID", txtemail.Text)

        Dim USERNAME As String = cmd.ExecuteScalar().ToString()

        Return USERNAME

    End Function

    Private Sub Messagebox(ByVal Message As String)

        Dim lblMessageBox As New Label()

        lblMessageBox.Text = "<script language='javascript'>" + Environment.NewLine & "window.alert('" & Message & "')</script>"

        Page.Controls.Add(lblMessageBox)

    End Sub

Now add another webform to project name Reset_Password.aspx. darg  and drop the textbox and button control from Toolbox and desgin .aspx as mention below:

<asp:Panel ID="Reset_Expire" runat="server">

         <table align="center"><tr><td>

        <b>Link Expired it's Only One Time Useable to Change password <a href="http://localhost:1207/NEW_WEBSITE_APPLICATION%2818-07-2013%29/Reset_Password.aspx">Click Here</a></b>

         </td></tr></table>

        </asp:Panel>

<asp:Panel ID="Reset_Password" runat="server" Visible="false">

            <table align="center">

                <tr>

                    <td>

                        Enter Your New Password:</td>

                    <td>

                        <asp:TextBox ID="txtpassword" runat="server" TextMode="Password"></asp:TextBox>

                        <asp:RequiredFieldValidator ID="RequiredFieldValidator1" runat="server"

                            ControlToValidate="txtpassword" ErrorMessage="Please Enter Password"

                            ForeColor="Red"></asp:RequiredFieldValidator>

                    </td>

                </tr>

                <tr>

                    <td>

                        Retype Password</td>

                    <td>

                        <asp:TextBox ID="txtconfirmpassword" runat="server" TextMode="Password"></asp:TextBox>                      

                        <asp:RequiredFieldValidator ID="RequiredFieldValidator2" runat="server"

                            ControlToValidate="txtconfirmpassword" ErrorMessage="Please Confirm Password"

                            ForeColor="Red"></asp:RequiredFieldValidator>

                    </td>

                </tr>

                <tr>

                    <td>

                        &nbsp;</td>

                    <td>

                        <asp:Button ID="btnchange" runat="server"

                            Text="Change Password" onclick="btnchange_Click" />

                    </td>

                </tr>              

            </table>      

        </asp:Panel>

On .aspx.cs page write the below given code:

using System.Data.SqlClient;

using System.Text;

using System.Configuration;

using System.Data;

SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["Connection"].ToString());

    protected void Page_Load(object sender, EventArgs e)

    {

        try

        {

            SqlDataAdapter adp = new SqlDataAdapter("Select * from USER_REGISTRATION where CHANGE_PASSWORD_STATUS=1", con);

            adp.SelectCommand.Parameters.AddWithValue("@USERNAME", Request.QueryString["USERNAME"].ToString());

            DataTable dt = new DataTable();

            adp.Fill(dt);

            if (dt.Rows.Count > 0)

            {

                Reset_Password.Visible = true;

                Reset_Expire.Visible = false;

                return;

            }

            else

            {

                Reset_Password.Visible = false;

                Reset_Expire.Visible = false;

            }

        }

        catch (Exception ex)

        {

        }

    }

   

protected void  btnchange_Click(object sender, EventArgs e)

{

 try

        {

            if (txtpassword.Text == txtconfirmpassword.Text)

            {

                string query = "Update USER_REGISTRATION set CHANGE_PASSWORD_STATUS=0, PASSWORD='" + txtpassword.Text + "' where EMAIL_ID=@EMAIL_ID";

                SqlCommand cmd = new SqlCommand(query, con);

                cmd.Parameters.AddWithValue("@EMAIL_ID", Request.QueryString["email"].ToString());

                con.Open();

                cmd.ExecuteNonQuery();

                cmd.Dispose();

                con.Close();

                txtpassword.Text = "";

                txtconfirmpassword.Text = "";

                Messagebox("Password Change Successfully");

            }

            else

            {

                Messagebox("Password Not Match");

            }

        }

        catch (Exception ex)

        {

        }

}

private void Messagebox(string Message)

{

    Label lblMessageBox = new Label();

    lblMessageBox.Text =

        "<script language='javascript'>" + Environment.NewLine +

        "window.alert('" + Message + "')</script>";

    Page.Controls.Add(lblMessageBox);

}

In VB (.aspx.vb)

Imports System.Data.SqlClient

Imports System.Text

Imports System.Configuration

Imports System.Data

Dim con As New SqlConnection(ConfigurationManager.ConnectionStrings("Connection").ToString())

    Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load

        Try

            Dim adp As New SqlDataAdapter("Select * from USER_REGISTRATION where CHANGE_PASSWORD_STATUS=1", con)

            adp.SelectCommand.Parameters.AddWithValue("@USERNAME", Request.QueryString("USERNAME").ToString())

            Dim dt As New DataTable()

            adp.Fill(dt)

            If dt.Rows.Count > 0 Then

                Reset_Password.Visible = True
                            Reset_Expire.Visible = False

                Return

            Else

                Reset_Password.Visible = False
                            Reset_Expire.Visible = False

            End If

        Catch ex As Exception

        End Try

    End Sub

    Protected Sub btnchange_Click(ByVal sender As Object, ByVal e As EventArgs)

        Try

            If txtpassword.Text = txtconfirmpassword.Text Then

                Dim query As String = "Update USER_REGISTRATION set CHANGE_PASSWORD_STATUS=0, PASSWORD='" + txtpassword.Text & "' where EMAIL_ID=@EMAIL_ID"

                Dim cmd As New SqlCommand(query, con)

                cmd.Parameters.AddWithValue("@EMAIL_ID", Request.QueryString("email").ToString())

                con.Open()

                cmd.ExecuteNonQuery()

                cmd.Dispose()

                con.Close()

                txtpassword.Text = ""

                txtconfirmpassword.Text = ""

                Messagebox("Password Change Successfully")

            Else

                Messagebox("Password Not Match")

            End If

        Catch ex As Exception

        End Try

    End Sub

    Private Sub Messagebox(ByVal Message As String)

        Dim lblMessageBox As New Label()

        lblMessageBox.Text = "<script language='javascript'>" + Environment.NewLine & "window.alert('" & Message & "')</script>"

        Page.Controls.Add(lblMessageBox)

    End Sub

Run the project and check the result. If this article help you than please comment .