Implementing password reset link in asp.net Part 95

C#, SQL Server, WCF, MVC and ASP .NET video tutorials for beginners
http://www.youtube.com/user/kudvenkat/playlists

At the following link, you can find the text version of this video. You will also find the code samples used in the demo.
http://csharp-video-tutorials.blogspot.com/2012/12/implementing-password-reset-link-in.html

For your convinience, I have included the links for Dot Net Basics, C#, ASP.NET, ADO.NET and SQL Server video series.

C# Video Series
http://www.youtube.com/playlist?list=PLAC325451207E3105&feature=view_all

Dot Net Basics Video Series
http://www.youtube.com/playlist?list=PL8598C97BA1D871C1&feature=view_all

ASP.NET Video Series
http://www.youtube.com/playlist?list=PL6n9fhu94yhXQS_p1i-HLIftB9Y7Vnxlo&feature=view_all

ADO.NET Video Series
http://www.youtube.com/playlist?list=PL6n9fhu94yhX5dzHunAI2t4kE0kOuv4D7&feature=view_all

SQL Server Video Series
http://www.youtube.com/playlist?list=PL08903FB7ACA1C2FB&feature=view_all

---

Closed Caption:

hello welcome freedom technologies i am
thinking this is part 95 facebook .
video series in this session will
discuss about implementing password
reset link in asp.net now if you have
forgotten your password to an
application some of the applications
actually help you recover your forgotten
password so they will ask you a series
of security questions and if you want
them correctly they will send you an
email with the forgotten password and
remember the forgotten password is sent
in a plain text format to your email
which is definitely not secure
that's why most of the applications
these days actually will email you a
link where you can reset your password
ok so in this session will discuss about
how to generate and email that password
reset leg let me actually show you how
the password reset link looks like so
this is how the password reset link
looks like so here you know i have just
generated this using asp.net if you look
at this it says dear
test test is the username saudia test
please click on the following link to
reset your password and then the link
itself and then finally signature
presume technologies and if you look at
the link it says HTTP colon for / for /
localhost because the application is
running my on my machine so local host
web application one is the name of the
web application and within this web
application 1i have registration folder
so within registration folder we have
that change a password to change
password . aspx change password aspx and
then the most important thing to
identify here is it it is expecting a
query string I mean it has a query
string parameter their new ID and then a
unique number there
ok now what is the purpose of this
unique ID will discuss about that in the
next video session when we actually set
the password in the session will discuss
about generating this reset link itself
okay so obviously now when i click this
link i will be no access to change
password page and tomorrow using this
unique identifier i will take this
unique identifier look up the user ID
and then you know provide fields here
for the user to actually change his
password that will be in the next video
session
ok now another important thing to
understand is why did we add a change
password we just reset password all
these pages to registration folder
that's because within registration
folder we have this web.config file and
it says in the authorization element i
love users equal to start meaning it's
gonna allow every user access to this
page in spite of whether they are
authenticated or not including the
anonymous users ok and it makes perfect
sense because Y will ever any user get
to these pages if they don't have a
username to log in they want to register
with your application so we should allow
anonymous access that's why did you stop
pages within registration folder and y
will ever a user get to change password
or just reset password paid that's
because if if they have forgotten the
password they want to reset and change
the password so there's no way for them
to login and that's why we have to allow
an anonymous access to those pages as
well that's where all these pages are
actually present in registrations folder
ok now let's go ahead and look at the
steps that are required to generate this
password reset link obviously the first
tab is to create this reset password
page itself so i have this reset
password page and if you look at this
page it has very simple HTML the
plaintext reset my password username and
then we have a text box where the user
can enter their username for which we
want to reset the password and then
click this reset password button upon
which we want to generate that link and
then send him send that link to the
registered email
ok and obviously label control to
display the success or failure of
sending that reset password length
ok so that's the first step we have
designed that very simple HTML
I'll have this HTML posted on my blog as
well just in case if you want to have a
look at that later and then when i click
this that's when we want to actually
generate the reset length
ok so the next step is to actually
create this table TBL reset password
requests now this lot of text here in
this paragraph bill worried about that
ingested
it but let's go and create the table so
if you look at this table TBL password
reset request it has got three columns
ID user ID and reset a request a time so
we set a request a time that's going to
be pretty simple and straightforward
whenever the user our request that we
set link to be sent
that's the date and time and then the
user ID which user ID so if you look at
TBL users table every user name has got
an idea associated with that so that's
the ID user ID okay which is in the
that's this user ID and look at that
that's a foreign key referencing TBL
users table and the ID column and then
I'd eat this is important and that's
what you see within this email that we
received the globally unique identifier
is a 32-bit a unique number
ok so that's that you that's that's that
column uid I mean ID and that's going to
act as the primary key for this
particular table
ok so we want to create this table i
have already created that so if you look
at that table it's going to have that ID
column which is a grid and then user ID
foreign key to the TV users table and
Rick reset request a time
ok so what's the next step the next step
is to actually create a stored procedure
ok and let's look at what the stored
procedures is doing hopefully you'll
understand the purpose of that in a bit
ok so if you look at this store see it's
very simple and straightforward
ok so SP reset password that's the name
of the stored procedure so this stored
procedure is taking in a username so
whatever username that we enter within
this page reset password so whatever
username that we entered in this text
box we will send that to the stored
procedure and what is the stored
procedure going to do that with that
username it's LX ok is there you know
user ID that that user name
do we have a user in this TL users table
ok that's what we're checking
where user name is equal to that user
name if there is a record then pick up
the user ID which is the ID and email of
that user and store them in these two
variables that we have okay and then
what we're doing here
this is again very simple here if at
user ID is not now
so the user ID is there its existing in
the table then the username that he has
supplied is a valid username for which
we want to reset the password
ok so if username access what we are
doing look at it globally unique
identifier i'm creating a variable of of
type unique identifier and then i am
assigning that to this variable why am i
doing that because we want to insert a
true into this table TBL reset password
requests table
ok so we're going to insert a new row
into that table
look at that it has three columns ID
user ID and request reset request
datetime the values are this new grid
that we have just generated and the user
ID where is that user ID coming from
from this variable based on the username
we have retrieved that and then finally
the current date and time using the get
function so we are inserting that into
this table and then finally since the
username access and we have inserted a
row into this table okay we you know
this it it's a success the username is
there so we want to reset the password
for that user so we are selecting one a
certain code indicating success and then
the grid itself the globally unique
identifier 32 put unique identifier that
you can see here and then the email of
the user to which we want to send a link
ok so we we select them otherwise if the
user name of the user ID does not exist
for the given username then we are
selecting 0s written code
not unless the unique ID and not less
email so you are outputted look
something like this
ok so based now we will go ahead and
create the stored procedure and then
will invoke the stored procedure from
ordinate application and based on what
we get back from this stored procedure
we then you know either send an email
after forming the reset password length
otherwise will display an error message
saying that the user name is not found
ok so i have already created the stored
procedure here so they expand
programmability and then stored
procedures you should see that SP reset
password stored procedure that's exactly
the same stored procedure that we have
here
ok now let's go ahead and invoke this on
the reset password link button click
event
ok so i have this here and before that
you know I actually have a function
which sends an email to the end-user so
let me copy that function to supply it
function because I just want to use this
function in the space so that's why I
made this play wit okay now first of all
let's get rid of these compliation
adders mailmessage class this is present
in system.net . mail now we have
discussed about sending emails in the
previous sessions of this video series
if you don't watch that i would strongly
encourage you to do so before continuing
with this session I will however have a
link to send emails asp.net video in the
description of this video when i upload
that ok so system.net . male that's the
namespace which in which we have mail
message class and stringbuilder class is
present and systems or text namespace so
let's go ahead and import that as well
so using system . text okay so what are
we doing here this I mean this method
send password at least that email method
this method is taking three parameters
the email of the user to which we want
to send this email and the username
because if you look at the email it says
dear test
what is test if you look at the TBL user
table test is the name of the user
I mean that's the username okay so we
need the username we need the two email
address
and we need this globally unique
identifier as well so these are the
things that we are actually passing to
this send password reset email matter
ok so what we're doing here we're
creating a mail message object okay with
the pflumm and a 2 e-mails ok now to
email i'm using the parameter as it is
because when we invoke this matter
that's when we will pass it to email and
then look at this all these lines are
actually building that link that you see
here i mean basically this body we are
building this body here
so how should our body look like no idea
username username coming from it's
coming as an input parameter to this
method so dear user name and then to
HTML breaks that's why you see two lines
here between do tests and then please
click OK and then please click on the
following link to reset your password
and that's what you see here and finally
1.html break and then look at the link i
am forming here HTTP colon for / for /
local host of application one
registration for the change password is
PX u YT is equal to-- whatever unique ID
that we are going to pass into this
method we are pending that that length
and then again to HTML break so that we
get two line breaks and then finally
regime technologies within full HD
amount so that is the entire body
ok email body and that's what you see
here
ok so once we have the email body look
at that this is important mail message
is body HTML is equal to true otherwise
this break elements will be shown as
literal text on the email so you have to
set that to true
okay because we are using HTML within
the body
alright and then we are setting the body
property do that
stringbuilder object now if you're
wondering why be using stringbuilder
object because if you're modifying a
string it's always better to use
stringbuilder object because they are
mutable there are strings of type string
object are immutable that's why from a
performance perspective use
stringbuilder object if you're modifying
it multiple times
okay and then we are setting that as the
body
and the subject is reset your password
and that's what you should see here
within the subject reset your password
and smtpclient basically i'm using gmail
smtpclient smtp.gmail.com the port
number at which gmail smtp works is 587
so that's the poor there and then
obviously we need to specify the
credentials I don't have my credentials
here if you are sending an email from
Yorktown to somebody else then you use
your email and your password to your
gmail password your smtpclient will
authenticate and it is the right
password is going to send from your
account you know from email address to
that email address an email and finally
our Google works on HTTPS so if you look
at this gmail it works on HTTPS so we
have to set enable ssl to true and
finally send the mail message itself so
this is the method which is doing the
work of sending the email
ok but then we need to provide to this
function the to email the username and
the unique ID okay and where are they
coming from
they're coming from your stored
procedure so if you look at the stored
procedure you get the 2 e-mail and
unique ID and where will you get the
username from the username will actually
come from that he said password page
itself on the text box they enter the
username
ok so we're going to make use of all
those three fields past them to this
method and you're done okay but then
before that you actually have to invoke
the stored procedure depending on what
the stored procedure is going to return
back to you you know you make a decision
whether to send an email our to show an
error message to the end-user ok so
again i have that here and again it's
going to be very simple idea . net cord
so let me copy the implementation of the
button click even there and paste it
there ok now let's get rid of those our
editors the compilation errors the
configuration manager classes present
and system . configuration namespace and
sequel connection sequel command they're
presented system . data
that's equal client namespace and the
parameter type the command type is
actually present command type in them is
present system . data in space so let's
go ahead and import that ok so that
should get rid of the compliation adders
and now if you look at this this is
pretty straightforward att.net cord
ok so and we have discussed about
att.net in a very great detail i'll have
a link to the audio or video series as
well if you're new to that
alright so what are we doing here we
creating I can I mean the connection
string we're reading the retrieving the
connection string value from web content
file so we have the connection string in
web.config file which we are achieving
creating the sequel connection object we
are using the using statement because
the connection object will automatically
be closed when the scope of that is lost
and then we're creating the sequel
command object and if you look at that
we are in walking the SP reset password
which we have just created so that is
this password that is that's stored
procedures and then we are using the
connection object which we have created
command type specifying that it's a
stored procedure and this stored
procedure to look at that it expects a
user name parameter so we need to pass
that to the stored procedure which we
are doing by creating the sequel
parameter object and there is the value
for that user name parameter coming from
that's coming from the text box that's
present on this page so that's the text
box and then we are adding the parameter
to the command object using the
parameters collection property open the
connection execute the reader and we are
using execute leader because we're
getting a trio of data back from the
stored procedure
ok and then what we are doing we are
using a while loop to loop through that
reader and then we are checking the
return code so if you look at what is
the written code that we are getting
back so if the username access then we
are inserting arrow into that table and
then we are selecting one st written
code meaning the username is present
this is the unique identifier and this
is the email of the user now if you are
wondering why we are using a unique
right and if I don't worry about that
will discuss about that in the next
video session when we actually change
the password
ok so select ones didn't called globally
unique identifier and the email of the
user
ok so we checked the return cord it will
either be 1r0 ok so we can convert that
to a boolean type so then what that two
boolean if it's one it will be converted
to true and if it is true then what we
are doing we are in working that send
password reset email method this method
that we have just discussed about it
requires and to email so where is to
email coming from you know in this
column as email
let's quickly test this so that you can
understand this properly so i'm going to
pass a username so if you look at ppl
users table so there is a username
called a test so i'm going to send a
test test
okay look at that when i execute the
stored procedure look at what I'm
getting back
I'm getting one has written called a
unique ID and the email that is
associated with that username
ok so this is how the data will come
back to the application so within the
application what we are doing we are
converting the return code so what's the
written go that's one that will be
converted to true so it comes inside the
if block and then we are retrieving the
email from this email column and passing
it to this method and similarly be added
leaving the username
what is the username coming from the
text box itself and finally the unique
Heidi again the column name is unique ID
so we're passing that to this method
which will send the email and then
finally we display a message to the user
stating an email with instructions to
reset your password is sent to your
registered email
otherwise if every user name is not
sound then we display and I'll username
not found a message which is simple and
straightforward
ok now if you look at what has just
happened you know since we have tested
this if I plus a five-inning select star
from that table reset password requests
look at that generate
that unique identifier user IDs one if
you look at tbell users table so for
test what is the user ID that's one and
this is the date and time I have
requested reset link to be sent
ok so actually if i run this now this is
not going to practically send an email
now because I don't have my actual gmail
username and password here
ok but if i enter an invalid username
here and click reset password look at
that user name not found but if i enter
a valid email address it's going to fail
now after sometime it will throw an
exception and will fail
look at that but it's sending an email
it fails because the smtp server
requires a secure connection or the
client was not authenticated so I didn't
provide a valid email address here and
the password that's why a dental but if
you're testing it you your email address
in your gmail password it's going to
send an email just like this to your
inbox
ok so in this session we have discussed
about how to actually sand in a password
reset a link in the next video session
we will see how to actually change the
password using that at least that link
and in that process will also understand
why are we using this globally unique
identifier why can't we use this integer
user ID instead of that on the slide you
can find the sources for asp.net c sharp
and sequence of interview questions
that's it for today thank you for
listening have a great day