To generate a random, single-use URL
I've published a different take on a log in system on CodeProject ( http://www.codeproject.com/KB/aspnet/mlogin.aspx ) and I've got some free time, so I thought I'd have a look at password recovery/reset.
It was suggested on the article that I look into sending the account owner a single use, random url where they can reset their password if the account gets locked because of too many invalid login attempts/forgotten password.
Can anyone provide some guidance to help me to do this?
So far, I'm thinking I just have to generate a random string in a "recovery" field in the database table for the user's row and then check if the requested URL on the site is the same as the value for that field, then dynamically draw the page server-side.
Am I thinking on the right track here, or way off the mark?
Thanks in advance!
You're on the right track. Rather than a random string, a GUID is sufficient (uniqueidentifier field in SQL). Use the "d" format so the URL doesn't have curly braces:
MyUser.RecoveryKey = Guid.NewGuid() Dim EmailBody As String = "http://blah/recoverpass.aspx?key=" & _ MyUser.RecoveryKey.ToString("D");