Support us .Net Basics C# SQL ASP.NET ADO.NET MVC Slides C# Programs Subscribe Buy DVD

Forgot password in asp.net core

Suggested Videos
Part 112 - Block login if email is not confirmed in asp.net core | Text | Slides
Part 113 - ASP.NET Core email confirmation | Text | Slides
Part 114 - External login email confirmation in asp.net core | Text | Slides

In this video we will discuss how to implement forgot password functionality in asp.net core mvc.

Forgot Password link

The first step is to include the Forgot Password link on the Login view. 


asp.net core identity reset password


The following is the HTML for that

<div>
    <a asp-action="ForgotPassword">Forgot Password?</a>
</div>

Forgot Password View Model

We just need the user email address to send the password reset link. So the ForgotPasswordViewModel class contains just one property - Email

namespace EmployeeManagement.ViewModels
{
    public class ForgotPasswordViewModel
    {
        [Required]
        [EmailAddress]
        public string Email { get; set; }
    }
}

Forgot Password Action Methods

Include the following HTTP GET and POST ForgotPassword() actions in the Account controller. The code in the actions is commented and self-explanatory.

[HttpGet]
[AllowAnonymous]
public IActionResult ForgotPassword()
{
    return View();
}

[HttpPost]
[AllowAnonymous]
public async Task<IActionResult> ForgotPassword(ForgotPasswordViewModel model)
{
    if (ModelState.IsValid)
    {
        // Find the user by email
        var user = await userManager.FindByEmailAsync(model.Email);
        // If the user is found AND Email is confirmed
        if (user != null && await userManager.IsEmailConfirmedAsync(user))
        {
            // Generate the reset password token
            var token = await userManager.GeneratePasswordResetTokenAsync(user);

            // Build the password reset link
            var passwordResetLink = Url.Action("ResetPassword", "Account",
                    new { email = model.Email, token = token }, Request.Scheme);

            // Log the password reset link
            logger.Log(LogLevel.Warning, passwordResetLink);

            // Send the user to Forgot Password Confirmation view
            return View("ForgotPasswordConfirmation");
        }

        // To avoid account enumeration and brute force attacks, don't
        // reveal that the user does not exist or is not confirmed
        return View("ForgotPasswordConfirmation");
    }

    return View(model);
}

Forgot Password View

@model ForgotPasswordViewModel

<h2>Forgot Password</h2>
<hr />
<div class="row">
    <div class="col-md-12">
        <form method="post">
            <div asp-validation-summary="All" class="text-danger"></div>
            <div class="form-group">
                <label asp-for="Email"></label>
                <input asp-for="Email" class="form-control" />
                <span asp-validation-for="Email" class="text-danger"></span>
            </div>
            <button type="submit" class="btn btn-primary">Submit</button>
        </form>
    </div>
</div>

Forgot Password Confirmation View

<h4>
    If you have an account with us, we have sent an email
    with the instructions to reset your password.
</h4>

At this point, run the project. Navigate to /Account/ForgotPassword and provide your registered email address. Upon submitting the form, the password reset link will be logged to a file and looks like the following.

https://localhost:44305/Account/ResetPassword?email=pragim@pragimtech.com&token=CfDJ8HpirsZUXNxBvU8n%2...

At the moment, if we try to use the password reset link, we get a 404 error. This is because we do not have ResetPassword() action in the AccountController. We will discuss how to implement this in our next video.

asp.net core tutorial for beginners