Hi there, I'm a bit confused about how to go about a forgotten password process in Umbraco. I've made a surface controller to create members from a .txt file, however I'm not sure where to start when it comes to allowing a user to reset their password. Does anybody have any ideas where to begin?
For a forgotten password process, you will want a link on the login page which goes off to a forgotten password form.
Then you have just an email address field on this form. The user will enter their email address in this form and submit it.
Then in your controller for the forgotten password form, the method for handling the submit, should check if they have an account and if they have it should send an email to them. To reset their password. This link should have a hash value in the query string which you can validate when they click on it.
Whether they have an account with you or not you want to show them the exact same message saying something like thank you for requesting a password reset, if you have an account with us you will receive an email shortly.
When they click on the link it should load a reset password page which will try and validate the hash value in the link. If it is a valid link and is clicked on within an hour from it being generated, you will allow them to enter a new password and have a confirm password field below it too. If they both match and are valid against your site's password policy it should update the member's password and redirect them to the login page.
If the link wasn't valid it should give them a link to the forgotten password form again to send a new email.
I hope this high level description helps you work out what you need.
Thank you very much for taking the time to respond to me, I'll check this out right now! PS your videos helped me out a lot and have been a great help.
While this is definitely helpful at describing the high level workflow of it, I'm at a bit of a loss at how to implement it to be honest.. Not even sure where to begin on the back end after creating the forgotten password form!
Members Forgotten Password
Hi there, I'm a bit confused about how to go about a forgotten password process in Umbraco. I've made a surface controller to create members from a .txt file, however I'm not sure where to start when it comes to allowing a user to reset their password. Does anybody have any ideas where to begin?
Thanks,
David
Hi David
For a forgotten password process, you will want a link on the login page which goes off to a forgotten password form.
Then you have just an email address field on this form. The user will enter their email address in this form and submit it.
Then in your controller for the forgotten password form, the method for handling the submit, should check if they have an account and if they have it should send an email to them. To reset their password. This link should have a hash value in the query string which you can validate when they click on it.
Whether they have an account with you or not you want to show them the exact same message saying something like thank you for requesting a password reset, if you have an account with us you will receive an email shortly.
When they click on the link it should load a reset password page which will try and validate the hash value in the link. If it is a valid link and is clicked on within an hour from it being generated, you will allow them to enter a new password and have a confirm password field below it too. If they both match and are valid against your site's password policy it should update the member's password and redirect them to the login page.
If the link wasn't valid it should give them a link to the forgotten password form again to send a new email.
I hope this high level description helps you work out what you need.
Troy hunt has written a great post about the topic. https://www.troyhunt.com/everything-you-ever-wanted-to-know/
Kind regards
Paul
Hi Paul,
Thank you very much for taking the time to respond to me, I'll check this out right now! PS your videos helped me out a lot and have been a great help.
Thanks,
David
Hi David You are welcome and I'm glad the videos have helped too.
Cheers
Paul
Hi Paul,
While this is definitely helpful at describing the high level workflow of it, I'm at a bit of a loss at how to implement it to be honest.. Not even sure where to begin on the back end after creating the forgotten password form!
Thanks,
David
Hi David,
Maybe this could help you to get some idea: https://github.com/KrisJanssen/Umbraco7-Standard-Membership Its for Umbraco 7 but with few changes it will work with Umbraco 8.
BR
Josip
is working on a reply...