5.4. Recover Passwords for Users
Note: Let users recover their lost passwords automatically through email.

Users sometimes (in reality, a lot of times!) forget their
passwords, and you need to have a mechanism to help them recover
their passwords easily. One of the most common ways is for the site
to ask for your email address so that it can send you the password.
In ASP.NET 2.0, this functionality is accomplished by the
PasswordRecovery control.

The PasswordRecovery control allows users to retrieve their forgotten
passwords via email and makes it a snap to implement this
functionality for your site.
Password Recovery
Password recovery makes sense only if you store the password as plain
text and not its hashed value. However, by default, the settings in
the machine.config file specify that all
passwords be hashed before they are stored in the member database.
machine.config also disables password retrieval
by default.

To store the user's password in plain text, add the
following to Web.config:

...
<system.web>
  <membership
    defaultProvider="SqlProvider"
    userIsOnlineTimeWindow="15">
    <providers>
      <clear />
      <add
        name="SqlProvider"
        type="System.Web.Security.SqlMembershipProvider"
        connectionStringName="LocalSqlServer"
        applicationName="chap05-SecurityControls"
        enablePasswordRetrieval="true"
        enablePasswordReset="true"
        requiresQuestionAndAnswer="true"
        requiresUniqueEmail="true"
        passwordFormat="Clear" />
    </providers>
  </membership>
...

Specifically, you are clearing all the Membership Providers and then
adding a new SqlMembershipProvider. Note that you
need to set the enablePasswordRetrieval and passwordFormat attributes
(to true and Clear,
respectively) in order to allow passwords to be retrieved.

If you set the passwordFormat as
Hashed, then the
enablePasswordReset must be set to
false.
5.4.1. How do I do that?
In this lab, you will use the PasswordRecovery control to allow users
to recover their forgotten passwords. You will extend the
Default.aspx page created in the earlier lab
with the PasswordRecovery control so that users who have forgotten
their passwords can retrieve them through email.

Using the project created in the last lab
(C:\ASPNET20\chap-5-SecurityControls), drag and
drop the PasswordRecovery control onto
Default.aspx (see Figure 5-18).
Figure 5-18. Adding the PasswordRecovery control to the Default.aspx form

the Properties window of the PasswordRecovery control (see Figure 5-19).
Figure 5-19. Configuring the PasswordRecovery control

Auto Format... link in the PasswordRecovery Tasks menu).

Press F5 to test the application. You will first be prompted to enter
your username, followed by the question that you set when you first
registered. If your answer matches the one stored in the database, an
email is sent to you; otherwise, you have to try again. The dialog is
shown in Figure 5-20.
Figure 5-20. Recovering lost passwords

PasswordRecovery control to send an email.

You can configure SMTP service on your machine by using the ASP.NET
Web Application Administration Application email settings.

For security reasons, it is not a good idea to send a
user's password through email. Hence, you need to
carefully consider this option before you decide to use it.
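
The caveat above can be checked mechanically. The following Python script is an added example, not code from the book or from ASP.NET: it parses a Web.config and reports membership providers whose settings leave passwords recoverable. The function name audit_membership and the embedded sample (a constructed copy of this section's provider entry inside a configuration root element) are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: this section's provider entry inside a <configuration> root.
SAMPLE_WEB_CONFIG = """<configuration>
  <system.web>
    <membership defaultProvider="SqlProvider" userIsOnlineTimeWindow="15">
      <providers>
        <clear />
        <add name="SqlProvider"
             type="System.Web.Security.SqlMembershipProvider"
             connectionStringName="LocalSqlServer"
             applicationName="chap05-SecurityControls"
             enablePasswordRetrieval="true"
             enablePasswordReset="true"
             requiresQuestionAndAnswer="true"
             requiresUniqueEmail="true"
             passwordFormat="Clear" />
      </providers>
    </membership>
  </system.web>
</configuration>"""


def _local(tag):
    """Drop an XML namespace prefix such as '{uri}add' -> 'add'."""
    return tag.rsplit("}", 1)[-1]


def audit_membership(config_xml):
    """Return (provider name, finding) pairs for recoverable-password settings."""
    findings = []
    root = ET.fromstring(config_xml)
    for membership in (e for e in root.iter() if _local(e.tag) == "membership"):
        for add in (e for e in membership.iter() if _local(e.tag) == "add"):
            name = add.get("name", "(unnamed)")
            # Omitted attributes fall back to the defaults the text describes:
            # hashed storage, password retrieval disabled.
            fmt = add.get("passwordFormat", "Hashed")
            retrieval = add.get("enablePasswordRetrieval", "false")
            if fmt.lower() != "hashed":
                findings.append((name, f"passwordFormat={fmt}: password is stored in recoverable form"))
            if retrieval.lower() == "true":
                findings.append((name, "enablePasswordRetrieval=true: stored password can be emailed"))
    return findings


if __name__ == "__main__":
    for provider, finding in audit_membership(SAMPLE_WEB_CONFIG):
        print(f"{provider}: {finding}")
```

Run against the sample, it reports both settings for SqlProvider; a provider entry that omits the two attributes produces no findings.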
5.4.2. What about...
...resetting a password?

You will learn how to reset a user password in the lab Section 5.8, later in this chapter.
5.4.3. Where can I learn more?
To see the various methods and properties supported by the
PasswordRecovery control, check out the MSDN Help topic
"PasswordRecovery Members."

For more information on SMTP, check out the following SMTP chapter
from the book Exchange Server 2003 Transport and Routing
Guide:
http://www.microsoft.com/technet/prodtechnol/exchange/guides/E2k3TransnRouting/1bee564f-a307-4b65-83f4-61c1b5dcc744.mspx