asp.net 3.5 password recovery control in an mvc app?

Can I use the asp.net 3.5 Password Recovery control in an MVC application?

We need to provide password retrieval capability for our MVC app and I would like to use the password recovery control which only works with a web form开发者_如何学JAVA app.

Unlike Login and Logout, the Password Recovery feature does not come implemented in a brand new ASP.NET MVC project, however, adding this feature to an ASP.NET MVC project is actually pretty easy as the Membership class already has the core functionality built-in.

I've posted in my blog an explanation on how I did it:

http://www.hectorcorrea.com/blog/Password-Recovery-in-an-ASP.NET-MVC-Project.aspx

A couple points on the current state-of-the-art (as of Oct, 2011):

1st: there's a good chance you don't actually want password "recovery" since it's considered a security risk and you have to turn-off one-way password encryption to be able to implement it. Instead, most people implement password "reset".

If you really do want to allow "recovery" then:

1) When you create a new internet project in VS2010, it creates: LogOn, Register, and ChangePassword pages for you. As Hector says, there's no password recovery created for you.

2) However, the Asp.Net Membership provider does support it, so you could add it by creating a Model, Controller and View yourself, setting enablePasswordRetrieval="true" and passwordFormat="Encryted" and calling Membership.GetUser().

If instead of password "Recovery" you actually want password "Reset" then there are a couple of ways to implement it: i) Self-service - where the user can click on a link and an email is sent to them with a link to reset the password.

Examples:

This one I have tried. I like it because it handles both account confirmation and password reset: -- http://nuget.org/List/Packages/SimpleMembership.Mvc3

I have NOT tried any of these:

-- http://hectorcorrea.com/Blog/Password-Recovery-in-an-ASP.NET-MVC-Project

-- http://stevenalexander.posterous.com/expiring-password-reset-token-in-mvc-with-wf

-- http://forrst.com/posts/ASP_NET_MVC_3_C_Password_Reset-gFA

ii) Administrator Managed - you contact the administrator who then reset's your password for you. TroyGoode's MvcMembership Starter Kit that Gthompson83 refers to above is an example of this. There's a menu item called "User Administration" that's accessible to administrators and allows passwords to be reset or a random one generated and emailed to the user. It also let's you manage roles.

A lot of server controls from Webforms will not work on MVC as designed. Check out the MvcMembership starter kit.