0

I am trying to register users only with email id. So when ever I enter email id and click on register then password should generate automatically and email should send to the particular email address. When he first time logins with that email id and password then we need to show the change password and security question and answer option. There is an option for auto generate password in create user wizard. For this i followed this link. But I am unable to solve the issue to show the first time login user to reset his password and set the security question and answer. Can any one give me the solution!!

Mihir
  • 8,696
  • 18
  • 56
  • 87

1 Answers1

2

You have to keep track of that in your database. You can have bit type field in the database for example IsFirstTimeLogin and set it true for the first usage and after successful login set it to false. You can also setup a field to specify if the user required to change password. If that field is set to true then you can ask the user to change the password. You can use the required password change field for period changes to the password in future as well.

As far as auto generating the password in concerned you can use the email id as the first password, but if you want some more secure option then you can issue any randomly generated password to the user, or you can use GetHashCode for password generations. Something like:

string email = "test@test.com";
string password = Math.Abs(email.GetHashCode()).ToString();

You can only try to make your password as much random as possible, You can look at this question for generating random strings.

Community
  • 1
  • 1
Habib
  • 219,104
  • 29
  • 407
  • 436
  • Auto generated password option won't give the random password which is secure? – Mihir Feb 07 '13 at 05:49
  • @Mihir, you can try different things for generating a random string. you can use `GUID` but usually the initial password is not that difficult, it totally depends on your requirement. I have edited the answer with an option to use `GetHashCode` for generating password, but again its not going to be random. – Habib Feb 07 '13 at 05:52
  • @Habib.. thanks.. i am using aspnetdb as the database. Can I add that `bit` value in any of the tables or it is better to create a new table with `userid`,`useremail`,`isFirstTime` such columns? – Mihir Feb 07 '13 at 05:54
  • @Mihir, I am not sure about `aspnetdb`, if you have access to it and you can create columns in then sure otherwise you can create your own table, whatever floats your boat :) – Habib Feb 07 '13 at 05:57
  • Yeah.. but experts like you should have an idea about how to implement such scenarios.. thats why asked :) – Mihir Feb 07 '13 at 05:58
  • @Mihir, I meant, I don't think this functionality is available with Membership provider, you can use its existing `comment` field in the user table for your purpose, take a look at this [discussion](http://forums.asp.net/p/1273575/2414481.aspx) – Habib Feb 07 '13 at 06:00
  • @Mihir, plus, I am no expert here :) just here to learn new things – Habib Feb 07 '13 at 06:01
  • so.. finally creating a new table is good option because it doesn't have such functionality by default... – Mihir Feb 07 '13 at 06:04
  • @Mihir, I think it is, it will let you customize it according to your own need, or you can use the existing tables and its columns `CreateDate` and `LastPasswordChangedDate` and set them to a same date/time. Then check in your login module if both of them are same and then prompt for change password... But its hackish – Habib Feb 07 '13 at 06:07