Provides user interface (UI) elements that enable a user to recover or reset a lost password and receive it in e-mail.
See Also: PasswordRecovery Members
Syntax
public class PasswordRecovery : CompositeControl
Remarks
In this topic:
Introduction
The System.Web.UI.WebControls.PasswordRecovery control assists users who have forgotten their passwords. It enables a user to request an e-mail message containing either a new password or the password already associated with his or her user name.
The System.Web.UI.WebControls.PasswordRecovery Web control uses Internet e-mail services to send recovered or new passwords to users. There are inherent security risks with sending passwords in e-mail. You should determine whether these security risks are acceptable to your site.
If you are not familiar with the set of login controls available in ASP.NET, see ASP.NET Login Controls Overview before continuing. For a list of other topics related to login controls and membership, see Managing Users By Using Membership.
Users can recover passwords only when the membership provider defined in the PasswordRecovery.MembershipProvider property supports clear text or encrypted passwords. Because hashed passwords cannot be recovered, users at sites that use hashed passwords can only reset their passwords.
Accepting user input is a potential security threat. Malicious users can send data that is intended to expose vulnerabilities or run programs that try generated passwords. To improve security when working with user input, you should use the validation features of your control and secure any data providers that are configured for your control. For more information, see Securing Login Controls, Basic Security Practices for Web Applications, and Securing Membership.
The System.Web.UI.WebControls.PasswordRecovery control can be used when a membership user has not been approved (System.Web.Security.MembershipUser.IsApproved is set to false), but it cannot be used when a membership user has been locked out (System.Web.Security.MembershipUser.IsLockedOut is set to true).
The e-mail message is sent using the System.Web.UI.WebControls.MailDefinition class. To be able to send e-mail to users, you must configure a mail server in your application's Web.config file. You can change the content of the e-mail sent to users by setting a custom message in the PasswordRecovery.MailDefinition property.
It is not possible to guarantee that a user will receive or view an e-mail message. To verify that a user has received a notification by e-mail, consider providing a confirmation link in the message, allowing the user to confirm that the notification was received.
Views
The System.Web.UI.WebControls.PasswordRecovery control has three states, or views:
UserName view -- Asks the user for his or her registered user name.
Question view -- Requires the user to provide the answer to a stored question to reset the password.
Success view -- Tells the user whether the password recovery or reset was successful.
The System.Web.UI.WebControls.PasswordRecovery control displays the Question view only when the membership provider defined in the PasswordRecovery.MembershipProvider property supports password question and answer.
The following table lists each style property of the System.Web.UI.WebControls.PasswordRecovery control and indicates which view it affects.
| PasswordRecovery.SubmitButtonStyle |
Yes |
Yes |
Yes |
| PasswordRecovery.FailureTextStyle |
Yes |
Yes |
No |
| PasswordRecovery.HyperLinkStyle |
Yes |
Yes |
No |
| PasswordRecovery.InstructionTextStyle |
Yes |
Yes |
No |
| PasswordRecovery.LabelStyle |
Yes |
Yes |
No |
| PasswordRecovery.SuccessTextStyle |
No |
No |
Yes |
| PasswordRecovery.TextBoxStyle |
Yes |
Yes |
No |
| PasswordRecovery.TitleTextStyle |
Yes |
Yes |
Yes |
Styles and Templates
You can use an extensive set of style properties to customize the appearance of the System.Web.UI.WebControls.PasswordRecovery control. Alternatively, you can apply custom templates to the three views if you need complete control over the appearance of the control. You can use the PasswordRecovery.QuestionTemplate, PasswordRecovery.SuccessTemplate and PasswordRecovery.UserNameTemplate properties to create templates for these views. If you define a template for a view, the style properties of System.Web.UI.WebControls.PasswordRecovery have no effect.
The following table lists the System.Web.UI.WebControls.PasswordRecovery control style properties and explains which UI element each style property affects. For a list of which properties each style applies to, see the documentation for the individual style properties.
| PasswordRecovery.SubmitButtonStyle |
Submit buttons on all views. |
| PasswordRecovery.FailureTextStyle |
Error text displayed to the user. |
| PasswordRecovery.HyperLinkStyle |
Links to other pages. |
| PasswordRecovery.InstructionTextStyle |
Instructional text on the page that tells users how to use the control. |
| PasswordRecovery.LabelStyle |
Labels for all input fields, such as text boxes. |
| PasswordRecovery.TextBoxStyle |
Text entry input fields. |
| PasswordRecovery.TitleTextStyle |
Title text for each view. |
| PasswordRecovery.SuccessTextStyle |
Text displayed to the user when the password recovery or reset attempt is successful. |
The following table lists which template properties apply to each view in the System.Web.UI.WebControls.PasswordRecovery control. For a list of the controls that you must set in each template, see the documentation for the individual template properties.
| UserName | |
| Question | |
| Success |
When the System.Web.UI.WebControls.PasswordRecovery control is not customized with templates, the WebControl.AccessKey property of the System.Web.UI.WebControls.PasswordRecovery control applies to the first text box in the control and the WebControl.TabIndex property, which is applied to all text boxes of the control. If the System.Web.UI.WebControls.PasswordRecovery control is customized with templates, then the WebControl.AccessKey property and the WebControl.TabIndex property are ignored. In this case, set the WebControl.AccessKey property and the WebControl.TabIndex property of each template child control directly.
System.Web.UI.WebControls.PasswordRecovery control properties represented by text boxes, such as PasswordRecovery.Answer and PasswordRecovery.Question, are accessible during all phases of the page life cycle. The control will pick up any changes made by the end user by means of the TextBox.TextChanged event triggered by the textboxes.
Validation Groupings
The System.Web.UI.WebControls.PasswordRecovery control creates a validation group for all required field validators in the control so that other input controls on the page are not affected by validating the System.Web.UI.WebControls.PasswordRecovery control. By default, the System.Web.UI.Control.ID property of the System.Web.UI.WebControls.PasswordRecovery control is used as the name of the validation group. For example, a System.Web.UI.WebControls.PasswordRecovery control with the ID "PasswordRecovery1" will use a validation group name of "PasswordRecovery1". If you want the System.Web.UI.WebControls.PasswordRecovery control to participate in another validation group, you must template the control.
Applying CSS Styles
The System.Web.UI.WebControls.PasswordRecovery control lets you specify CSS style rules in markup. If you use templates to customize the appearance of the System.Web.UI.WebControls.PasswordRecovery control, you can specify CSS styles in the markup in the templates. In that case, no extra outer table is required. You can prevent the table from being rendered by setting the PasswordRecovery.RenderOuterTable property to false.
Accessibility
For information about how to configure this control so that it generates markup that conforms to accessibility standards, see Accessibility in Visual Studio 2010 and ASP.NET 4 and ASP.NET Controls and Accessibility.
Declarative Syntax
Example
<asp:PasswordRecovery AccessKey="string" AnswerLabelText="string" AnswerRequiredErrorMessage="string" BackColor="color name|#dddddd" BorderColor="color name|#dddddd" BorderPadding="integer" BorderStyle="
Requirements
Assembly: System.Web (in System.Web.dll)
Assembly Versions: 2.0.0.0
Since: .NET 2.0