GeneratePasswordResetToken (WebSecurity Ref)

The GeneratePasswordResetToken generates a password reset token for the specified user. It takes two arguments: the user account you wish to reset the password for and when the token expires in minutes. The latter is an optional parameter; the default value is 24 hours.


WebSecurity.GeneratePasswordResetToken(string user, int minutes from now)


Generally when resetting a user’s password you send the reset token to their email address. Depending on how you have configured your database you need to load the users email. The following example asks the user for their username; in the database we are using the usernames are the email, which makes it easier to send the password reset token.

C# Code

var username = "";
var msg = "";
if (IsPost)
    username = Request["username"];

    if (username.IsEmpty())
        ModelState.AddError("username", "Please enter your username");

    if (!WebSecurity.UserExists(username))
        ModelState.AddError("username", "Sorry we could not find this user");

    if (ModelState.IsValid)
          var token = WebSecurity.GeneratePasswordResetToken(username, 24);
          var pwResetURL = Request.Url.GetLeftPart(UriPartial.Authority) + "/resetpassword?token=" + token;
          var emailMessage = "Hello " + username + " you requested a password reset token please follow this link to reset your password: " +
           "<a href='" + pwResetURL + "'/>"  + "RESET PASSWORD" + "</a>";

           WebMail.Send(username, "Reset Password", emailMessage, isBodyHtml:true);

           msg = "Token sent!";

        }catch (Exception ex)
            msg = ex.Message.ToString();




<!DOCTYPE html>
<html lang="en">
        <meta charset="utf-8" />
        <form method="post">
        <input type="text" name="username"/>
               <input type="submit"/>


  • Always make sure you check that the user exists
  • Make sure you configure your email settings so the message can be sent

The above example looks like this when it arrived in our email:

Hello [] you requested a password reset token. Please follow this link to reset your password: RESET PASSWORD 

The reset link looks like this:


Request.Url.GetLeftPart(UriPartial.Authority) - only gets the protocol, domain name and extension.