In this article, we will see how to reset the password through forgot password page in MVC.
Add an Action link on login page if the user forgets his/her password.The link redirects the user to the below page from where the user can get a reset link on the registered email id.
Note: The user should be a already-registered user.
This is how the forgot password page looks .The user needs to enter the registered and valid email id on which the reset link will be sent.
Below is the code of the forgot password action method
- public ActionResult ForgotPassword()
- {
- return View();
- }
- [HttpPost]
- public ActionResult ForgotPassword(string UserName)
- {
- if (ModelState.IsValid)
- {
- if (WebSecurity.UserExists(UserName))
- {
- string To = UserName, UserID, Password, SMTPPort, Host;
- string token = WebSecurity.GeneratePasswordResetToken(UserName);
- if (token == null)
- {
-
- return View("Index");
- }
- else
- {
-
- var lnkHref = "<a href='" + Url.Action("ResetPassword", "Account", new { email = UserName, code = token }, "http") + "'>Reset Password</a>";
-
- string subject = "Your changed password";
- string body = "<b>Please find the Password Reset Link. </b><br/>" + lnkHref;
-
- EmailManager.AppSettings(out UserID, out Password, out SMTPPort, out Host);
-
- EmailManager.SendEmail(UserID, subject, body, To, UserID, Password, SMTPPort, Host);
- }
- }
- }
- return View();
- }
In this article we are using gmail for sending the reset link which requires some settings on the web.config file (the settings are given below the methods).The below method is used to fetch those settings from the web.config file
- public class EmailManager {
- public static void AppSettings(out string UserID, out string Password, out string SMTPPort, out string Host) {
- UserID = ConfigurationManager.AppSettings.Get("UserID");
- Password = ConfigurationManager.AppSettings.Get("Password");
- SMTPPort = ConfigurationManager.AppSettings.Get("SMTPPort");
- Host = ConfigurationManager.AppSettings.Get("Host");
- }
- public static void SendEmail(string From, string Subject, string Body, string To, string UserID, string Password, string SMTPPort, string Host) {
- System.Net.Mail.MailMessage mail = new System.Net.Mail.MailMessage();
- mail.To.Add(To);
- mail.From = new MailAddress(From);
- mail.Subject = Subject;
- mail.Body = Body;
- SmtpClient smtp = new SmtpClient();
- smtp.Host = Host;
- smtp.Port = Convert.ToInt16(SMTPPort);
- smtp.Credentials = new NetworkCredential(UserID, Password);
- smtp.EnableSsl = true;
- smtp.Send(mail);
- }
- }
Web config settings
The above code will send a reset link on the registered email.Once the mail is received the user needs to click on the reset link which will redirect the user to the reset password page.
The mail will look like the below image,
Your changed password
Please find the Password Reset Link.
http://localhost:****/Account/ResetPassword?email=**************.com&code=UNbRRYVXWO4mqC15Gfdpaw2
On clicking the above link you will be redirected to a reset password page with the return/ reset token. The return/reset token is attached with the URL of the reset password page and helps in replacing the old password with the new one. User needs to enter the new password in the below page to reset it.
The code for Resetting password is as below:
- public ActionResult ResetPassword(string code, string email)
- {
- ResetPasswordModel model = new ResetPasswordModel();
- model.ReturnToken = code;
- return View(model);
- }
- [HttpPost]
- public ActionResult ResetPassword(ResetPasswordModel model)
- {
- if (ModelState.IsValid)
- {
- bool resetResponse = WebSecurity.ResetPassword(model.ReturnToken, model.Password);
- if (resetResponse)
- {
- ViewBag.Message = "Successfully Changed";
- }
- else
- {
- ViewBag.Message = "Something went horribly wrong!";
- }
- }
- return View(model);
- }
The Return token in WebSecurity in Mvc helps in replacing the old password with the new one. The ResetPassword() method in web security is used to reset the password with the help of return token of the registered user.