tags:

views:

102

answers:

4
Q: 

C# Rollback sendemail

I wrote a code to recover passwrod in my website.The user enter his email address and we send a new password to him.In additcion,we also change his password in DB to newest password.

Problem: If code for send mail fails,i cant change his password in DB,and if code to change password fails i cant send mail.

Take a look:

public bool RecoverPassword(string email)
        {
            try
            {
                SceLoginMail sceEmail = new SceLoginMail(email, "Recuperação de senha", 5);
                ChangeUserPassword(sceEmail.NovaSenha, email);
                sceEmail.SendEmail();
                sceUsers.CommitOrRollBack(true);
                return true;
            }
            catch (Exception ex)
            {
                sceUsers.CommitOrRollBack(false);
                return false;
            }
        }

I try to rollback in DB if an exceptions occurs in SendEmail method.But,i cant "RollBack" the SendMail method if an exceptions throws in CommitOrRollback method.If so,system will send the mail and wont change it on DB.

Any ideias?

+3  A: 

Don't send the email until after the database transaction (and anything else that affects the validity of the new password) has completed. That way, if it throws an exception, the SendEmail() call never gets executed.

djacobson  2010-08-30 20:12:32
Then if an exception fire in SendMail() method,i did change his password,and didnt send the mail.The use wont be able to acess the system,cause his password has changed and he dont know to what.
 2010-08-30 20:15:11
@ozsenegal - provide an email address for customer support for those marginal cases. If network outages and other technical problems are a real concern, use message queues to send the emails out-of-band. In the end though, there's only so much a technical solution can do here: the user may just have provided an invalid (or incorrect) address.
Jeff Sternal  2010-08-30 20:18:09
@ozsenegal - Sure, but you can trap and (presumably, unless your mailserver is on fire) recover from / retry the email. If you absolutely cannot accept **either** password change or SendEmail occurring unless **BOTH** succeed, you'll need to implement more-sophisticated logic for determining when to truly commit the DB change than a simple rollback in the exception handler.
djacobson  2010-08-30 20:20:13
+2  A: 

Doesn't matter much if you assign a new password and it doesn't get sent for some reason. The user already doesn't know his/her password. The email won't show up, and they will request it again. So commit the DB, and do a send, in that order.

EJB  2010-08-30 20:14:52
A: 

See, the action to request for password change and request to get email for the changed password is separate phenomenon.

When user requests the change of password, you just invoke the statement to update the database with the new password. After its updated, try sending the mail.

It is better to have a Mail Outbox in. So that when the email sending fails, it is stored in the database table outbox and which you should periodically try out after a Threshold time.

This would ensure that you keep trying sending that mail to the user.

abhishek  2010-08-30 20:18:49
+1  A: 

Instead of resetting the password in response to the "I lost my password" request, send the user an email with a unique, single-use, time-bounded reset URL. Only reset the password if that URL is visited within the allowed time.

This has two benefits:

  1. The password is only reset if the email is successfully sent and received.
  2. If someone other than the person the account belongs performs the "I lost my password" request (whether by accident or on purpose), the legitimate account-holder doesn't have his/her password unexpectedly become invalid.
ThatBlairGuy  2010-08-30 21:13:03

related questions

Displaying Flash content in a C# WinForms application
How to get the value of built, encoded ViewState?
Unhandled Exception Handler in .NET 1.1
How do I connect to a database and loop over a recordset in C#?
How do I most elegantly express left join with aggregate SQL as LINQ query
Get a new object instance from a Type in C#
.NET Testing Framework Advice
Automatically update version number
What is the difference between an int and an Integer in Java/C#?
How to write to Web.Config in Medium Trust ?
WinForms ComboBox data binding gotcha
How do you sort a C# dictionary by value?
Adding Scripting functionality to .NET applications
Floating Point Number parsing: Is there a Catch All algorithm?
How do I print an HTML document from a web service?
Decoding T-SQL CAST in C#/VB.net
Anatomy of a "Memory Leak"
How do I get a distinct, ordered list of names from a DataTable using Linq
Reliable Timer in a Console Application
How do I fill a DataSet or a DataTable from a LINQ query resultset ?
What's the difference between Math.Floor() and Math.Truncate() in .NET?
How do I calculate relative time?
How do I calculate someone's age in C#?
Are there any conversion tools for porting Visual J# code to C#?
When setting a form's opacity should I use a decimal or double?