Users identify themselves on our site by e-mail address rather than by the membership user name. But when a user enters their e-mail address into the password recovery form and submits it, the page shows the PasswordRecovery control's failure text, "We were unable to access your information. Please try again.", and the text box no longer contains the e-mail address: it now holds a long string of letters and digits (e.g. e61686cb-93a5-4737-8c40-52g8eb01bb67), which appears to be the underlying membership user name.
Here's the relevant aspx page code...
<asp:Content ID="Content1" ContentPlaceHolderID="head" runat="server">
</asp:Content>
<asp:Content ID="Content2" ContentPlaceHolderID="ContentPlaceHolder1"
runat="server">
<%-- Password-reset page body. The PasswordRecovery control drives the whole flow;
     the two handlers wired on it below live in the code-behind (class PasswordReset). --%>
<div class="login_page">
<div class="login_header">Password Reset</div>
<div class="login_body">
<%-- onverifyinguser: the code-behind translates the typed e-mail address into the
     membership user name before the control does its own lookup (this is why the
     text box can end up showing the membership name rather than the e-mail).
     onsendingmail: the code-behind sends its own message and cancels the control's
     default one. --%>
<asp:PasswordRecovery ID="PasswordRecovery1" runat="server"
onverifyinguser="PasswordRecovery1_VerifyingUser"
onsendingmail="PasswordRecovery1_SendingMail">
</asp:PasswordRecovery>
</div>
</div>
</asp:Content>
And the code behind...
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.Security;
using System.Text.RegularExpressions;
using System.Net.Mail;
using System.Configuration;
using System.Web.Profile;
using System.Text;
namespace Sample.Web
{
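public partial class PasswordReset : System.Web.UI.Page
{
    // Same pattern the page used before, with two deliberate changes:
    //  * "$" is replaced by "\z" so a value with a trailing newline is rejected
    //    instead of matched ("$" also matches just before a final "\n");
    //  * the alphabetic top-level label is "{2,}" instead of "{2,4}", because the
    //    old upper bound rejected legitimate addresses such as name@example.museum.
    // Built once per AppDomain instead of being re-parsed on every request.
    private static readonly Regex EmailPattern = new Regex(
        @"^([\w-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([\w-]+\.)+))([a-zA-Z]{2,}|[0-9]{1,3})(\]?)\z",
        RegexOptions.Compiled);

    protected void Page_Load(object sender, EventArgs e)
    {
        // Nothing to do on load; the PasswordRecovery control drives the page
        // through the VerifyingUser and SendingMail handlers below.
    }

    /// <summary>
    /// Returns true when <paramref name="strIn"/> is syntactically an e-mail address.
    /// This says nothing about whether the address exists or is registered.
    /// </summary>
    /// <param name="strIn">The value typed into the control's user-name box.</param>
    /// <returns>false for null or empty input, otherwise the result of the pattern match.</returns>
    bool IsValidEmail(string strIn)
    {
        // The original passed null straight to Regex.IsMatch, which throws; the
        // control's UserName property is normally never null, but be safe.
        if (string.IsNullOrEmpty(strIn))
        {
            return false;
        }
        return EmailPattern.IsMatch(strIn);
    }

    /// <summary>
    /// Reads an appSettings value and trims it. A missing key yields "" rather than the
    /// NullReferenceException the old inline ".Trim()" calls produced, so the optional
    /// SMTP credentials may simply be left out of the configuration.
    /// </summary>
    /// <param name="key">The appSettings key to read.</param>
    private static string GetAppSetting(string key)
    {
        // ConfigurationManager replaces the obsolete ConfigurationSettings the old
        // code mixed in for some of the keys.
        string value = ConfigurationManager.AppSettings[key];
        return value == null ? "" : value.Trim();
    }

    /// <summary>
    /// Runs before the PasswordRecovery control looks the user up. Translates the
    /// e-mail address the user typed into the membership user name the control needs,
    /// or cancels the request with an instruction text when that is not possible.
    /// </summary>
    /// <remarks>
    /// Assigning PasswordRecovery1.UserName here is what puts the membership user name
    /// (the GUID-like value) into the text box: when the control later reports a
    /// failure it presumably re-renders its user-name view from that property. If the
    /// typed e-mail must stay visible after a failure, it would have to be written back
    /// into UserName after the control has finished its own work (e.g. in PreRender);
    /// this page does not do that.
    ///
    /// The control's own lookup, and the password reset, happen after this handler
    /// returns. Its default failure text ("We were unable to access your information.
    /// Please try again.") therefore points at that later step, not at this handler:
    /// candidates are the provider not finding the membership user, the membership
    /// user having no e-mail address, or ResetPassword throwing. TODO confirm against
    /// the membership provider configuration, which is not part of this page.
    ///
    /// NOTE(review): the two different instruction texts below reveal whether an
    /// address is registered (account enumeration). The PasswordRecovery control
    /// already exposes the same fact through its own failure and success views, so a
    /// generic message here alone would not close that gap; the texts are kept as-is.
    /// </remarks>
    protected void PasswordRecovery1_VerifyingUser(object sender, LoginCancelEventArgs e)
    {
        string typedEmail = PasswordRecovery1.UserName;

        if (!IsValidEmail(typedEmail))
        {
            PasswordRecovery1.UserNameInstructionText = "You must enter a valid e-mail address.";
            e.Cancel = true;
            return;
        }

        // Membership.GetUserNameByEmail throws if several accounts share the address;
        // that is left to surface rather than being mapped to a failure text here.
        string membershipName = Membership.GetUserNameByEmail(typedEmail);
        if (membershipName == null)
        {
            PasswordRecovery1.UserNameInstructionText = "We were unable to access your information. Check your user name and try again.";
            e.Cancel = true;
            return;
        }

        // The control looks the account up by UserName, so hand it the membership name.
        PasswordRecovery1.UserName = membershipName;
    }

    /// <summary>
    /// Sends the password-reset e-mail the site wants (addressed to the e-mail stored
    /// for the user and worded with the e-mail address as the login name) and cancels
    /// the PasswordRecovery control's default message.
    /// </summary>
    /// <remarks>
    /// NOTE(review): the control raises SendingMail only after it has already obtained
    /// a password for the account itself, so the ResetPassword call below is a second
    /// reset; the value mailed here is the one that ends up live, which is why the call
    /// is kept. It does mean the account's password changes as soon as this handler
    /// runs. Confirm against the control's documented flow.
    ///
    /// NOTE(review): this mails a freshly generated password in clear text. A
    /// time-limited, single-use reset link is the usual replacement; at minimum make
    /// sure the site forces a password change at the next login. Whether the SMTP
    /// session is encrypted depends on configuration not visible here (no EnableSsl
    /// is set); with credentials configured that is worth checking.
    /// </remarks>
    protected void PasswordRecovery1_SendingMail(object sender, MailMessageEventArgs e)
    {
        // Suppress the control's own message up front: nothing in this handler is
        // allowed to fall back to it.
        e.Cancel = true;

        // The old code dereferenced GetUser() unconditionally, so a lookup failure
        // surfaced as a NullReferenceException instead of a message naming the cause.
        MembershipUser user = Membership.GetUser(PasswordRecovery1.UserName);
        if (user == null)
        {
            throw new InvalidOperationException("Membership user '" + PasswordRecovery1.UserName + "' was not found while sending the password-reset mail.");
        }

        // Resolve the destination before resetting the password a second time, so an
        // undeliverable address does not leave the account with an unmailed password.
        // SelectUser() returning null still throws a NullReferenceException, as before;
        // its contract is not visible from this page.
        string email = StorageByMail.BLL.SBMUser.SelectUser(
            StorageByMail.Data.User.GetIDFromUserName(user.UserName)).Email;
        if (string.IsNullOrEmpty(email))
        {
            throw new InvalidOperationException("No e-mail address is stored for user '" + user.UserName + "'.");
        }

        string pwd = user.ResetPassword(PasswordRecovery1.Answer);

        // MailMessage is IDisposable (it owns the attachment/alternate-view streams).
        using (MailMessage m = new MailMessage(GetAppSetting("AdminEmail"), email))
        {
            m.ReplyTo = new MailAddress(GetAppSetting("AdminEmailReply"));
            m.Subject = "Password reset from StorageByMail.com";

            StringBuilder sb = new StringBuilder();
            sb.Append("Please return to the site and log in using the following information.\n");
            sb.Append("User Name: " + email + "\n");
            sb.Append("Password: " + pwd);
            m.Body = sb.ToString();

            // SmtpClient only became IDisposable in .NET 4.0; it is left undisposed so
            // the page still builds on 3.5. Call Dispose() here once the project moves.
            SmtpClient o = new SmtpClient(GetAppSetting("SMTPHost"));
            string smtpUser = GetAppSetting("SMTPUser");
            string smtpPass = GetAppSetting("SMTPPassword");
            if (smtpUser.Length > 0 && smtpPass.Length > 0)
            {
                o.Credentials = new System.Net.NetworkCredential(smtpUser, smtpPass);
            }
            o.Send(m);
        }
    }
}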
}