Implications when users auto-reset passwords via a webform

Guest
Archived from groups: microsoft.public.win2000.active_directory

I am researching ways to implement a webform to let users answer "secret"
questions on a webform. Upon a match of 3 or more questions/answers against
a SQL database, I would go ahead and reset the password for the individual.
This would be used primarily for student account password reset in labs,
available on in my internal company.

In your experience, how complex do you think it is to implement such a system?
I mean, it sounds simple to me to put together an ASP.NET webform that first
requests that users input answers to unique questions. Then later I make a
workstation or two per building available where students can go in case they
forget their information. Just save the questions/answers in a secure SQL
db.

If you have implemented such a password recovery system, please let me know
how it is working for you.
 

Barry

Apr 1, 2004

Marlon Brown wrote:
> I am researching ways to implement a webform to let users answer "secret"
> questions on a webform. Upon a match of 3 or more questions/answers against
> a SQL database, I would go ahead and reset the password for the individual.
> This would be used primarily for student account password reset in labs,
> available on in my internal company.
>
> In your experience, how complex do you think it is to implement such a system?
> I mean, it sounds simple to me to put together an ASP.NET webform that first
> requests that users input answers to unique questions. Then later I make a
> workstation or two per building available where students can go in case they
> forget their information. Just save the questions/answers in a secure SQL
> db.
>
> If you have implemented such a password recovery system, please let me know
> how it is working for you.
>
>

Sounds pretty simple to me. Setting passwords via ASP is no real issue,
and neither is querying an SQL db.

Only thing I can think of that may cause problems is that they'd have to
log in to the website as a domain admin, or set the anonymous account in
IIS with the right permissions in order for the site to have the proper
creds to reset the p/w.

Good luck
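
An added example, not part of either post and not code from the thread: the answer-checking step the question describes (3 or more matching answers before a reset), written so the database holds only salted, slow hashes of the answers and repeated wrong guesses lock the account. The class and function names, the in-memory dictionaries standing in for the SQL table, the PBKDF2 work factor and the lockout values are all assumptions; the Active Directory reset itself is out of scope here.

```python
import hashlib, hmac, os, time, unicodedata

REQUIRED_MATCHES = 3        # threshold from the question: 3 or more correct answers
MAX_FAILURES = 5            # assumed lockout policy, not from the thread
LOCKOUT_SECONDS = 15 * 60   # assumed
PBKDF2_ROUNDS = 100_000     # assumed work factor

def normalize(answer):
    """Fold case, Unicode form and whitespace so ' St.  Louis' == 'st. louis'."""
    return " ".join(unicodedata.normalize("NFKC", answer).casefold().split())

def hash_answer(answer, salt=None):
    """Return (salt, digest) for storage; the plaintext answer is never stored."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", normalize(answer).encode(), salt, PBKDF2_ROUNDS)
    return salt, digest

class ResetVerifier:
    def __init__(self, clock=time.time):
        self.records = {}    # user -> {question_id: (salt, digest)}; stands in for the SQL table
        self.failures = {}   # user -> (failure count, time of last failure)
        self.clock = clock

    def enroll(self, user, answers):
        self.records[user] = {q: hash_answer(a) for q, a in answers.items()}

    def locked(self, user):
        count, last = self.failures.get(user, (0, 0.0))
        return count >= MAX_FAILURES and self.clock() - last < LOCKOUT_SECONDS

    def verify(self, user, answers):
        """True only if the account is not locked and >= REQUIRED_MATCHES answers match."""
        if self.locked(user):
            return False
        stored = self.records.get(user, {})
        matches = 0
        for q, given in answers.items():
            # Unknown user or question: hash against a dummy record so the work is the same.
            salt, digest = stored.get(q, (b"\0" * 16, b"\0" * 32))
            _, candidate = hash_answer(given, salt)
            matches += hmac.compare_digest(candidate, digest)  # constant-time compare
        if matches >= REQUIRED_MATCHES:
            self.failures.pop(user, None)
            return True
        count, _ = self.failures.get(user, (0, 0.0))
        self.failures[user] = (count + 1, self.clock())
        return False
```

A `True` from `verify` is the only point at which the web application would go on to the password reset; the failure counter would live in the same database as the hashed answers.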