From a customer we get a lot of password reset requests (expired or lost). I have thinked about a automatically solution:
What are you think about this solution? Is it save or are there better ways? And when yes, have an idea how to solve that?
Thank you in advance.
What you are looking for is called self-service password reset. It even has an acronym (SSPR) and is part of identity and access management.
Loads of vendors publish solutions for this, and though product recommendations are not on-topic here, vendors include IBM, Hitachi ID Systems, Microsoft, and Courion.
Usually this is the cheapest and most basic offering. However, most of the time this functionality is based on secondary credentials (most often security questions, or "do you know the password for your account on anything?").
At least one of the vendors I mentioned above offer a ready-built solution very similar to what you're talking about, though working with phones is considerably less common among those products.
Of course, doing this changes your security footprint. If you can ensure the portal is accessible from only inside the enterprise (this is actually very hard), your phone number list is up to date, and the phones are secure against theft (or are internal wireline phones), this is easier. If the phones are employees' personal mobile phones, the weakest link in your system becomes the theft or compromise of one of those. Be sure you're OK with that before you proceed.
Keep in mind also that the required compromise for a helpdesk password reset is usually just social engineering, and possibly knowing the answers to questions your helpdesk people might ask (if any), so it isn't especially likely for SSPR to be your weakest link. This is an often-overlooked security failing in enterprises.
Building this out yourself with asp.net and lync is usually not a good plan. You'll be trusting that service with an account that can reset passwords on almost any other account, and so it's an extremely big target for compromise. I would be loathe to trust some scripts I quickly hacked together that much.