password recovery control

[Stephanie]

Alrighty. So i am working my way through a book recommended to me on this
site. Beginning ASP.NET 3.5...from apress. (Not in order, but that is ok.)

I want to use the password recovery control. I am not going to set up smtp
server right now. The password recovery business is not even a requirement
of the work I am doing. I just want to save myself the hastle of the
inevitable support that comes with forgotten passwords. And this is fun to
learn.

So my handy dandy book tells me to do this:

protected void pwrRecover_SendingMail(object sender, MailMessageEventArgs e)

{

e.Cancel = true;

pwrRecover.SuccessText = e.Message.Body;

}



Love it. Except that e.Message.Body shows the password as stored in the db,
hashed. What the heck is the user supposed to do with that? How do I get the
password out in readable english, please?

Thanks

 

[Paul Shapiro]

I don't use code for the password recovery control, except to map a
user-entered email address to a username. The reset control sends a mail
message based on the static property:
<MailDefinition BodyFileName="PasswordRetrievalEmail.txt" Subject="New
password"></MailDefinition>

The trick is that in the PasswordRetrievalEmail.txt file, you can specify
the username and password to be filled in:
Below is your new password. After you login with your username and this
password, you can change the password from the link on the Login page.
Username: <% UserName %>
Password: <% Password %>