How to make PasswordRecovery webcontrol prompt for email & be more flexible

Discussion in 'ASP .Net Security' started by JJA, Oct 23, 2006.

  1. JJA

    JJA Guest

    I've got this control working now but I am wondering if there are ways
    to make this more flexible. Specifically:

    1. I would like to have the user prompted for his EMAIL address first
    rather than his USERNAME (i.e. based on notion that if he forgot his
    password chances are he may have also forgotten his username but rarely
    would not know his password). Has Microsoft allowed this control to be
    tweaked somehow to behave in this fairly standard manner?

    2. Is there any way to configure this control (or other related
    controls) such that:

    a. Password on file is not automatically changed to a extremely strong
    (temporary) password.

    b. Instead, the current but forgotten password is obtainable and sent
    to the user's email address in its decrypted form.

    I realize this may not be the best practice but my boss is convinced
    based on his own experience with using the web that having the user
    paste a very strong password into his next login attempt (from the
    email generated) is something that will be too much for our user.
    Instead, he wants me to send the actual password on file in the email
    to the user (because this is the way every web site he has used handles
    this facility). I need to know what my options are (if any) with this
    control. Thanks in advance for guidance.
    JJA, Oct 23, 2006
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.