4

I am building an MVC4 app in which users will be registered by a site admin. The site admin will enter everything but the password of course. I then generate a token and send via email for them to set their password. However, I don't see a way to create a user without a password. I can either randomly generate one or assign one in the code. What is the best way to handle not having a password at account creation?

EDIT: I used Membership.GeneratePassword for generate the password when I created the account.

Xaxum
  • 3,545
  • 9
  • 46
  • 66

1 Answers1

5

Create a random password and allow them to change once the account is confirmed. Solves a number of problems.

ChrisBint
  • 12,773
  • 6
  • 40
  • 62
  • 1
    For a random password I use `Guid.NewGuid().ToString()` :) – Erik Philips Oct 22 '12 at 21:54
  • Do not user NewGuid() for password generation, they are predictable. Instead use a secure random number generator like `RNGCryptoServiceProvider`. – Paul Jan 16 '13 at 17:09
  • In my case, users have the option to login with a digital certificate. When the admin register a user to use a certificate, the system generate a very strong password and the user will never knows unless the admin changes its profile to enable login with sername/password – Guilherme Longo Feb 02 '13 at 12:43