locked
How to send password in email when user clicks on forgot password button in asp.net using c# ? RRS feed

  • Question

  • Hello respected developers,

    I am trying to send user password when clicked on forgot password button. I made settings in "Website--->ASP.NET configuration" tab as servername = smtp.gmail.com, port=587, from = "xyz@gmail.com, senderusername="xyz@gmail.com", senderpassword="123456".But I was thrown with the error saying failure in sending mail.Could you please help me where I am doing wrong. 

    An urgent response needed.Please help me.Thanks in advance...

    Here is the code which goes in my page.

    ForgotPassword.cs :-

    protected void btnsubmitforgot_Click(object sender, EventArgs e)
        {
            SqlConnection con = new SqlConnection("Username=...;Password=...;");
            SqlCommand cmd = new SqlCommand("select password from easy_registration where email= '" + txtboxforgotemail.Text.Trim() + "'", con);
            con.Open();
            SqlDataAdapter da = new SqlDataAdapter(cmd);
            DataSet ds = new DataSet();
            da.Fill(ds);
            con.Close();
            try
            {
                if (ds.Tables[0].Rows.Count > 0)
                {
                    Label1.Text = txtboxfogotemail.Text.ToString();
                    MailMessage mail = new MailMessage();
                    mail.From = new MailAddress(Label1.Text.ToString());
                    mail.To.Add(txtboxfogotemail.Text);
                    mail.Subject = "Your forgot password is ";
                    mail.Body = "Hi, Your password is:" + ds.Tables[0].Rows[0]["password"] + "";
                    mail.IsBodyHtml = true;
                    SmtpClient smtpc = new SmtpClient("smtp.gmail.com");
                    
                    smtpc.Port = 587;
                    smtpc.Credentials = new System.Net.NetworkCredential("senderemail@gmail.com", "senderpassword");
                    
                    smtpc.EnableSsl = true;
                    
                    smtpc.Send(mail);
                    Label3.Visible = true;
                    Label3.Text = "Your password has been sent to registered email";
                    txtboxfogotemail.Text = "";

                }
                else
                {
                    Label3.Text = "mail does not exist";
                }
            }
            catch (Exception ex)
            {
                Label4.Visible = true;
                Label4.Text = ex.Message;
            }
        }


    sammy

    • Moved by Kristin Xie Monday, September 8, 2014 6:32 AM
    Friday, September 5, 2014 10:06 AM

Answers

  • You should not send the password via email. It should even not possible to send the password. The password should not stored directly. Instead you should store it encrypted, so it cannot be read by anyone, not even by you. As "forget password" mechanism you can use a mechanism that allow the user to set a new password. It could also be acceptable to set a new random password that the user have to change.

    Chris

    Code Samples: Code Samples
    Chrigas Blog: Chrigas Blog

    • Proposed as answer by chriga Sunday, September 21, 2014 9:58 PM
    • Marked as answer by Just Karl Tuesday, June 2, 2015 10:36 PM
    Friday, September 5, 2014 10:38 PM
  •   mail.From = new MailAddress(Label1.Text.ToString());
      mail.To.Add(txtboxfogotemail.Text);

    you can change to:

    mail.From = new MailAddress("senderemail@gmail.com","Sender");

    mail.To.Add(new MailAddress(txtboxfogotemail.Text.Trim()));

    • Proposed as answer by chriga Sunday, September 21, 2014 9:58 PM
    • Marked as answer by Just Karl Tuesday, June 2, 2015 10:36 PM
    Saturday, September 6, 2014 2:19 AM
  • Hi sammy979,

    Like the title mentioned, it is an ASP.NET related case. You’ll need to post it in the dedicated ASP.Net Forum http://forums.asp.net for more efficient responses, where you can contact ASP.NET experts. Thanks for understanding.

    Best regards,

    Kristin


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    • Proposed as answer by chriga Sunday, September 21, 2014 9:58 PM
    • Marked as answer by Just Karl Tuesday, June 2, 2015 10:35 PM
    Monday, September 8, 2014 6:31 AM

All replies

  • Hello sammy979,

    Try writing

    mail.To.Add(new MailAddress(txtboxfogotemail.Text));

    instead of

    mail.To.Add(txtboxfogotemail.Text);

    You can find more useful information in the discussion at [1].

    [1] http://stackoverflow.com/questions/9201239/send-e-mail-via-smtp-using-c-sharp

    Regards,
    Bo Liu
    Developer-Hotline for MSDN Online Germany

    Disclaimer:
    Please take into consideration, that further inquiries cannot or will be answered with delay.
    For further information please contact us per telephone through the MSDN-Entwickler-Hotline: http://www.msdn-online.de/Hotline
    MSDN-Entwickler-Hotline: Fast and professional help for software developers free of charge!

    For this post by the MSDN-Entwickler-Hotline the following terms and conditions apply: Trademarks, Privacy as well as the separate terms of use for the MSDN-Entwickler-Hotline.

    Friday, September 5, 2014 11:31 AM
  • Hi Bo Liu , 

    I tried using above mentioned way but it didn't fetch me the right answer:(


    sammy

    Friday, September 5, 2014 5:39 PM
  • You should not send the password via email. It should even not possible to send the password. The password should not stored directly. Instead you should store it encrypted, so it cannot be read by anyone, not even by you. As "forget password" mechanism you can use a mechanism that allow the user to set a new password. It could also be acceptable to set a new random password that the user have to change.

    Chris

    Code Samples: Code Samples
    Chrigas Blog: Chrigas Blog

    • Proposed as answer by chriga Sunday, September 21, 2014 9:58 PM
    • Marked as answer by Just Karl Tuesday, June 2, 2015 10:36 PM
    Friday, September 5, 2014 10:38 PM
  •   mail.From = new MailAddress(Label1.Text.ToString());
      mail.To.Add(txtboxfogotemail.Text);

    you can change to:

    mail.From = new MailAddress("senderemail@gmail.com","Sender");

    mail.To.Add(new MailAddress(txtboxfogotemail.Text.Trim()));

    • Proposed as answer by chriga Sunday, September 21, 2014 9:58 PM
    • Marked as answer by Just Karl Tuesday, June 2, 2015 10:36 PM
    Saturday, September 6, 2014 2:19 AM
  • Hi sammy979,

    Like the title mentioned, it is an ASP.NET related case. You’ll need to post it in the dedicated ASP.Net Forum http://forums.asp.net for more efficient responses, where you can contact ASP.NET experts. Thanks for understanding.

    Best regards,

    Kristin


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    • Proposed as answer by chriga Sunday, September 21, 2014 9:58 PM
    • Marked as answer by Just Karl Tuesday, June 2, 2015 10:35 PM
    Monday, September 8, 2014 6:31 AM