MVC password reset mail NO SIMPLEMEMBERSHIP

Question

Am I really that bad of a googler or is there no guides out there on how to reset a password WITHOUT simplemembership using tokenlink?

I want the anonymous user to input the mail of the account, send a mail with a link and when visiting that link the user is able to reset the password without the old password. I am not using simplemembership!

I know how to send emails and all that but I have never created a token and use it for the link in the mail etc. Are there any decent guides that could help me with this?

Side note, I'm storing all my user information in azure tablestorage.

Thanks

Answer 1

Stack Overflow isn't the best place to be asking overly broad "How do I do this?" questions, nor "recommend me a tutorial or guide".

(Having said that, I like the question/problem)

It should be fairly simple.

1. The user clicks on the "forgot password" link.
2. Generate a random string ("token"), such as a GUID and store it (such as in a database). Also store the time that it was generated or an expiration date.
3. Email the user a link to your site with the appropriate token.
4. The user comes back to your site. If the token exists and was done within the expiration time (15 - 30 minutes?) then give them a form to change their password.

Further reading

• Resetting ASP.NET password - security issues?
• Best way for a 'forgot password' implementation?