How to Implement Password Resets?

Question

I\'m working on an application in ASP.NET, and was wondering specifically how I could implement a Password Reset function if I wanted to roll my own.

S

Answer 1

You could send an email to user with a link. This link would contain some hard to guess string (like GUID). On server side you would also store the same string as you sent to user. Now when user presses on link you can find in your db entry with a same secret string and reset its password.