Password reset question 1

[Everton1Blue]

Hello

Can I ask about the logic behind a request for a password reset where a user has forgotten his password?

These passwords will eventually be hashed/salted.

The user completes a field requesting his email address. The code checks that he exists in the database. If not, an onscreen error message appears. If validated, he is sent an email to the address he has provided via SMTP (in this case).

That email contains a link (that is where I become unstuck - where is that link generated?) that, when clicked, takes him to another page on the Web site asking him for a password and confirmation of that password. An error is displayed if the passwords don't match.

That new password then overwrites the old password held in the database and the user receives an onscreen message confirming that his password has now been reset and that he can now try to log-on by visiting the Log-on page.

Many thanks

 

[JRB-Bldr]

That email contains a link (that is where I become unstuck - where is that link generated?)

You have already answered your own question.
The "email contains a link..."

Obviously the email's Body was composed within your ASP.Net code.
And, since the link is part of the email's Body, your ASP.Net code "generates" the link and makes it part of the Body.

To get an idea of how that link needs to appear, look at one of your own emails that contains a link and then Open the Source of the email.

As to the rest of the functionality, you (or someone) needs to write the web service to 'answer' when the link is clicked and respond accordingly.

Good Luck,
JRB-Bldr

 

[Everton1Blue]

Many thanks for your reply, JRB-Bldr

I take it then that the server automatically creates that link and something like SMTP posts it to the user?

Good idea about looking at one of my own emails that contains a link and then Open the Source of the email.

Thanks again!