The PasswordRecovery control provides the functionality to retrieve or reset a user�s password based on their username. The information is then emailed to the user. The control does not support displaying the password to the user in their web browser. Security Note: It may be possible for the email containing the user�s password to be intercepted by hackers and thus compromise the user�s account. The PasswordRecovey control uses the Membership service to retrieve or reset the user�s password. The default Membership provider from your configuration file will be used automatically, however you can also set the Membership provider as a property on the control. The PasswordRecovery control honors the following Membership configuration settings:
requiresQuestionAndAnswerWhen set to true the Question view will be required for the user�s password to be retrieved or reset. When set to false the Question view is not displayed to the user.passwordFormatIf the passwordFormat is set to hashed, the control will be unable to retrieve the password and will only attempt to reset the password.enablePasswordRetrievalWhen set to false the control will attempt to reset the password.enablePasswordResetWhen set to true the password will be reset, if set to false and all retrieval options are also disallowed the control will be unable to recover the password for the user.
The PasswordRecovery control consists of three discrete views which are displayed to the user sequentially. The Username view is the first view shown to the user and it collects and submits the user�s name. The Question view is an optional view that is only displayed if the security question (e.g. pet�s name) is required to retrieve or reset the password. The Success view is an optional view that is displayed when the password has been successfully retrieved or reset for the user. In addition to the success view the control supports redirecting the user to new page if they are successful. Key elements of the PasswordRecovery Control are:
- Username Label and Textbox: Collects the string used to identify the user in the membership system.
- Question Label and Answer Textbox: Displays the security confirmation question and collects the answer.
- SubmitButton: The button that fires the user and question views.
- SuccessText : Text displayed when the password has been successfully reset.
- Title and Instruction (Username and Success views): Text to orient and guide the user through the process.
- Link: Configurable link to help information.
- Validators: Required field validators for the username and security answer textboxes.
In addition to the visual elements displayed to the user on the web site, the PasswordRecovery control also contains a MailDefintion that determines the content of the email that is sent to the user. The PasswordRecovery control contains a default email message that is sent to the user, however you can customize this behavior and add your own text or html file to be used as the body of the message. If you are creating your own email file the control will automatically insert the user�s username and password for the following strings: < %UserName%> <%Password%> in the designated email file.