I am using ASP.NET MVC with ASP.NET membership.
Following best practices for 'I forgot my password' logic, I want to do the following:
- Send the user an email with a link to a unique, hidden URL that allows him to change his password.
- Asking for a password reset does NOT reset the password. You need the unique link.
I'm looking for suggestions on the best way to generate this URL, make it valid only temporarily and then validate it. I think the ASP.NET membership standard way is to have a 'security question' which is really a lousy way of doing it.
What would be the best way to generate and validate such a link? Should I just generate a GUID and put it in the user's profile? I don't think there is any other pre-built, right?
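Added example, not part of the original post and not ASP.NET membership code: one way to meet the requirements listed in the question (unguessable link, limited lifetime, single use, nothing changes until the link is followed). The class name `PasswordResetTokens`, its methods and the in-memory dictionary are assumptions made for illustration; a real application would keep the entries in a database table.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper. The dictionary stands in for a database table and is not thread-safe.
public class PasswordResetTokens
{
    private class Entry { public string UserName; public DateTime ExpiresUtc; }

    private readonly Dictionary<string, Entry> _byTokenHash = new Dictionary<string, Entry>();
    private readonly TimeSpan _lifetime;

    public PasswordResetTokens(TimeSpan lifetime) { _lifetime = lifetime; }

    // Returns the token to embed in the emailed link. Only its SHA-256 hash is stored,
    // so a leaked token table cannot be replayed as working reset links.
    public string Issue(string userName, DateTime nowUtc)
    {
        var bytes = new byte[32]; // 256 bits from the OS CSPRNG
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);
        string token = ToHex(bytes);
        _byTokenHash[Hash(token)] = new Entry { UserName = userName, ExpiresUtc = nowUtc + _lifetime };
        return token;
    }

    // Returns the user name when the token is known and unexpired, otherwise null.
    public string Redeem(string token, DateTime nowUtc)
    {
        if (string.IsNullOrEmpty(token)) return null;
        string key = Hash(token);
        Entry entry;
        if (!_byTokenHash.TryGetValue(key, out entry)) return null;
        _byTokenHash.Remove(key); // single use: consumed whether or not it has expired
        return nowUtc <= entry.ExpiresUtc ? entry.UserName : null;
    }

    private static string Hash(string token)
    {
        using (var sha = SHA256.Create())
            return ToHex(sha.ComputeHash(Encoding.UTF8.GetBytes(token)));
    }

    private static string ToHex(byte[] b) { return BitConverter.ToString(b).Replace("-", ""); }
}
```

`Issue` would be called when the reset is requested and `Redeem` when the emailed link is followed; the password changes only if `Redeem` returns a user name.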