Password Recovery

Password recovery is a vital part of a user security system since users will forget their passwords.

You can access this interface from the Login form by clicking on the I forgot my password link. This operation is handles as part of the Login.usm page which selectively logs in or handles password recovery initiation.

Password Recovery involves several steps:

  • Sending a confirmation Email
  • Validating the Email link
  • Setting a new Password

Here's what this looks like:

When you click the Recover Password button, an email is sent off to the specified email account (if the account exists).

Email Configuration

Email account configuration uses the email settings in yourApp.ini file. The mail server configuration is set via the Web Connection settings in [Main]. The Email message settings are configured as part of the [UserSecurityManager] section.

The Email that is sent

The email sent is as a plain text message to the specified email address. The following is a captured email message in a local test SMTP server called PaperCut which allows you to test emails locally without actually sending actual emails:

The message contains a verification link that you can click or paste into a browser. The link validates that the email address is valid since the message was received. The unique ID is matched against an id stored in the database for the user's record and matched.

Assigning a new Password

If the email and code match you'll get to change your password in the Recover Email Form:

The form checks to see that the two passwords typed match and if they do goes ahead and updates the account with the new password.

Once complete the form redirects back to the Login Form.

© West Wind Technologies, 1996-2020 • Updated: 05/08/20
Comment or report problem with topic