Solved

asp:PasswordRecovery - show password on screen

Posted on 2011-02-10
3
383 Views
Last Modified: 2012-05-11
Hi
I'm developing an intranet where a lot of users dont have an email address so i need to do a password recovery by asking them their security question, and then reveal the password on screen

Is this possible ?
I'm really after the code or a tutorial that shows how to do this
i've looked and all i can find are the standard tutorials that email the password

Thanks
0
Comment
Question by:websss
  • 2
3 Comments
 
LVL 2

Expert Comment

by:ndford005
ID: 34871547
If they send the password via email, just change the script so that instead of sending the email it displays the result on the page.  Remember, the only way to show a users password again is if it's not stored in an encrypted format (i.e., MD5 hash).
0
 

Author Comment

by:websss
ID: 34871720
it's encrupted
I can see salt etc in the DB

so is my only option an email?
0
 
LVL 2

Accepted Solution

by:
ndford005 earned 500 total points
ID: 34873067
As it is encrypted, you can not feasibly retrieve the original email.  All you can do is take user input, hash it using the salt (using the same/original hashing function) and compare the resulting hash with what's stored in the database.

So for forgotten passwords you will need to have users reset their password after passing the security question.  You can do this either way (immediately on the page or by sending a link via email).  The best way would be considered to email the link so that it's more likely that the user is the one resetting the password.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Lots of people ask this question on how to extend the “MembershipProvider” to make use of custom authentication like using existing database or make use of some other way of authentication. Many blogs show you how to extend the membership provider c…
IntroductionWhile developing web applications, a single page might contain many regions and each region might contain many number of controls with the capability to perform  postback. Many times you might need to perform some action on an ASP.NET po…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Finding and deleting duplicate (picture) files can be a time consuming task. My wife and I, our three kids and their families all share one dilemma: Managing our pictures. Between desktops, laptops, phones, tablets, and cameras; over the last decade…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question