To generate a random, single-use URL

I've published a different take on a log in system on CodeProject ( http://www.codeproject.com/KB/aspnet/mlogin.aspx ) and I've got some free time, so I thought I'd have a look at password recovery/reset.

It was suggested on the article that I look into sending the account owner a single use, random url where they can reset their password if the account gets locked because of too many invalid login attempts/forgotten password.

Can anyone provide some guidance to help me to do this?

So far, I'm thinking I just have to generate a random string in a "recovery" field in the database table for the user's row and then check if the requested URL on the site is the same as the value for that field, then dynamically draw the page server-side.

Am I thinking on the right track here, or way off the mark?

Thanks in advance!

Answers


You're on the right track. Rather than a random string, a GUID is sufficient (uniqueidentifier field in SQL). Use the "d" format so the URL doesn't have curly braces:

MyUser.RecoveryKey = Guid.NewGuid()
Dim EmailBody As String = "http://blah/recoverpass.aspx?key=" & _
   MyUser.RecoveryKey.ToString("D");

Need Your Help

Database schema for efficient attendance management system

mysql database database-design architecture schema

I am developing an attendance system for school which will cater to both employees as well as students.

About UNIX Resources Network

Original, collect and organize Developers related documents, information and materials, contains jQuery, Html, CSS, MySQL, .NET, ASP.NET, SQL, objective-c, iPhone, Ruby on Rails, C, SQL Server, Ruby, Arrays, Regex, ASP.NET MVC, WPF, XML, Ajax, DataBase, and so on.