Progress will discontinue Telerik Platform on May 10th, 2018.

Recovering User Accounts

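No password-protected system is complete without the ability to recover user accounts in case of forgotten passwords. Telerik Platform provides several ways to do that: by email or username, with a secret question and answer pair, or through a custom password reset mechanism.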

These methods are designed to allow the user to reset only their own password, but prevent them from interfering with someone else's.

Using Email or Username

If a user forgets their password but has entered a valid email address when registering with Telerik Platform, your application can send password reset instructions to that email address. This works as follows:

  1. The user requests a password reset by typing their username or email address in your app.
  2. Your app sends a password reset request to Telerik Platform, using the data entered by the user.
  3. Telerik Platform finds the user account that matches the entered data and sends a password reset message to its email address.
  4. The password reset email gives the user a means of resetting their password.

Keep the following in mind:

  • The password reset email expires after 2 hours
  • Only the last email sent for a given user account is valid

You can ensure the validity of the user's email address by sending a verification email right after registering as explained in Account Verification.

This is how you request a password reset by providing a username:

C#:

public async Task RequestPasswordResetForUsername(EverliveApp app, string username)
{
    await app.WorkWith().Users().ResetPasswordForUsername(username).ExecuteAsync();
}

VB.NET:

Public Async Function RequestPasswordResetForUsername(app As EverliveApp, username As String) As Task
    Await app.WorkWith().Users().ResetPasswordForUsername(username).ExecuteAsync()
End Function

This is how you request a password reset by providing an email address:

C#:

public async Task RequestPasswordResetForEmail(EverliveApp app, string email)
{
    await app.WorkWith().Users().ResetPasswordForEmail(email).ExecuteAsync();
}

VB.NET:

Public Async Function RequestPasswordResetForEmail(app As EverliveApp, email As String) As Task
    Await app.WorkWith().Users().ResetPasswordForEmail(email).ExecuteAsync()
End Function
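
One way to wrap the two reset requests above so that the caller gets the same reply whether or not an account matched, and so that repeated requests cannot keep invalidating the latest email (an added example, not Telerik's code). `ResetRequestGate`, the reply text and the 5-minute window are assumptions; the delegate stands in for `ResetPasswordForUsername(...)` or `ResetPasswordForEmail(...)` so the block compiles without the SDK.

```csharp
using System;
using System.Collections.Concurrent;
using System.Threading.Tasks;

public sealed class ResetRequestGate
{
    public const string UniformReply =
        "If an account matches, password reset instructions have been sent.";
    private readonly Func<string, Task> _sendReset;  // wraps one of the SDK calls above
    private readonly TimeSpan _minInterval;          // assumed throttle window
    private readonly ConcurrentDictionary<string, DateTime> _lastSent =
        new ConcurrentDictionary<string, DateTime>();
    public ResetRequestGate(Func<string, Task> sendReset, TimeSpan minInterval)
    { _sendReset = sendReset; _minInterval = minInterval; }

    public async Task<string> RequestAsync(string identifier, DateTime nowUtc)
    {
        string value = (identifier ?? "").Trim();
        if (value.Length == 0) return UniformReply;
        // Only the last email is valid, so each extra request invalidates the link
        // the account owner may be about to use. Throttle per identifier.
        bool allowed = true;
        _lastSent.AddOrUpdate(value.ToLowerInvariant(), nowUtc, (_, last) =>
        {
            allowed = nowUtc - last >= _minInterval;
            return allowed ? nowUtc : last;
        });
        if (!allowed) return UniformReply;
        try { await _sendReset(value); }
        catch (Exception) { /* log server-side; the caller sees the same reply */ }
        return UniformReply;
    }
}

public static class GateDemo
{
    public static async Task Main()
    {
        int sent = 0;  // constructed stand-in backend: counts reset emails requested
        var gate = new ResetRequestGate(_ => { sent++; return Task.CompletedTask; },
                                        TimeSpan.FromMinutes(5));
        var t0 = new DateTime(2017, 1, 1, 12, 0, 0, DateTimeKind.Utc);
        await gate.RequestAsync("alice@example.com", t0);
        await gate.RequestAsync("Alice@example.com ", t0.AddMinutes(1)); // throttled
        await gate.RequestAsync("alice@example.com", t0.AddMinutes(6));
        Console.WriteLine(sent);
    }
}
```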

Customizing the ResetPasswordEmail Template

By default, the password reset message that users receive links to a generic page on https://platform.telerik.com/ that presents the user with a form to enter a new password. You can easily edit the email template to change its appearance or completely alter the recovery mechanism.

To edit the reset password template:

  1. Log in to the Telerik Platform portal.
  2. Click your app.
  3. Navigate to Users > Automated Emails.
  4. Select the ResetPasswordEmail table entry and then click Edit in the right-hand pane.
  5. Make your changes. When finished, click Save.

You can access the password reset code for a user in the template by adding the {{User.PasswordResetCode}} placeholder.

Using a Secret Question and Answer Pair

Another way to recover a user account is to provide the secret question and secret answer saved with it when registering the user (see Register).

C#:

public async Task SetNewUserPasswordWithSecretQuestion(EverliveApp app, string username, object secretQuestionId, string secretAnswer, string newPassword)
{
    await app.WorkWith().Users().SetNewPassword(username, secretQuestionId, secretAnswer, newPassword).ExecuteAsync();
}

VB.NET:

Public Async Function SetNewUserPasswordWithSecretQuestion(app As EverliveApp, username As String, secretQuestionId As Object, secretAnswer As String, newPassword As String) As Task
    Await app.WorkWith().Users().SetNewPassword(username, secretQuestionId, secretAnswer, newPassword).ExecuteAsync()
End Function

Implementing a Custom Password Reset Mechanism

In case you don't want to use the built-in reset password mechanism, you can create your own mechanism using the reset code from the reset password email. You also need to acquire the new password string from the user.

Keep the following in mind:

  • The password reset code expires after 2 hours
  • Only the last issued password reset code for a given user account is valid
  • The PasswordResetCode is available only in the email template code

This is how you can implement a custom password reset mechanism:

  1. Create your own password reset web page.
  2. Customize the ResetPasswordEmail template, replacing the default URL with the URL to the web page that you created. It is important to include the {{User.PasswordResetCode}} placeholder as a URL parameter.
    Example: http://example.com/resetpassword?resetCode={{User.PasswordResetCode}}.
  3. On your web page, ask the user to enter their new password.
  4. Send the reset code and the new password to Telerik Platform using the following call:

C#:

public async Task SetNewUserPassword(EverliveApp app, string passwordResetCode, string newPassword)
{
    await app.WorkWith().Users().SetNewPassword(passwordResetCode, newPassword).ExecuteAsync();
}

VB.NET:

Public Async Function SetNewUserPassword(app As EverliveApp, passwordResetCode As String, newPassword As String) As Task
    Await app.WorkWith().Users().SetNewPassword(passwordResetCode, newPassword).ExecuteAsync()
End Function
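
The server side of steps 3 and 4, as an added example that is not Telerik's code: it checks the form input before spending the reset code and gives one answer for every rejected code. `ResetPageHandler`, `ResetOutcome`, the 512-character bound and the 12-character minimum are assumptions; the delegate stands in for `SetNewPassword(passwordResetCode, newPassword)` so the block compiles without the SDK.

```csharp
using System;
using System.Threading.Tasks;

public enum ResetOutcome { Done, BadInput, LinkInvalid }

public sealed class ResetPageHandler
{
    private readonly Func<string, string, Task> _setNewPassword;  // wraps the step 4 call
    public ResetPageHandler(Func<string, string, Task> setNewPassword)
    { _setNewPassword = setNewPassword; }
    // resetCode: the ?resetCode= URL parameter. Passwords: the form fields.
    public async Task<ResetOutcome> CompleteAsync(string resetCode, string newPassword,
                                                  string confirm)
    {
        // The code's format is not documented on the page: bound it, treat it as opaque.
        if (string.IsNullOrWhiteSpace(resetCode) || resetCode.Length > 512)
            return ResetOutcome.LinkInvalid;
        // Assumed policy: 12+ characters, typed twice. The user may retry with the same code.
        if (string.IsNullOrEmpty(newPassword) || newPassword.Length < 12
            || newPassword != confirm)
            return ResetOutcome.BadInput;
        try
        {
            await _setNewPassword(resetCode, newPassword);
            return ResetOutcome.Done;
        }
        catch (Exception)
        {
            // Expired after 2 hours or superseded by a newer email: one answer for
            // both. Log that the call failed, never the code or the password.
            return ResetOutcome.LinkInvalid;
        }
    }
}

public static class ResetPageDemo
{
    public static async Task Main()
    {
        // Constructed stand-in for the platform: accepts a single sample code.
        var handler = new ResetPageHandler((code, pw) => code == "sample-code"
            ? Task.CompletedTask
            : Task.FromException(new InvalidOperationException("rejected")));
        const string pw1 = "correct horse battery";
        Console.WriteLine(await handler.CompleteAsync("sample-code", pw1, pw1));
        Console.WriteLine(await handler.CompleteAsync("older-code", pw1, pw1));
        Console.WriteLine(await handler.CompleteAsync("sample-code", "short", "short"));
    }
}
```

Because the reset code travels in the URL, serve the reset page over HTTPS and send a `Referrer-Policy: no-referrer` header so the code is not passed on to other sites the page loads from or links to.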


Copyright © 2016-2017, Progress Software Corporation and/or its subsidiaries or affiliates. All rights reserved.