Is SSL needed when sending a password reset link email? (using Asp.net Identity 2)

Question
-
User-478471953 posted
We are using asp.net Identity 2.0.
When sending the user a password reset link in an email, is it necessary to use SSL-enabled email?
Is it still secure without using SSL email?
Thanks
Thursday, August 18, 2016 3:53 PM
Answers
-
User-2057865890 posted
Hi MinglongC,
If the SMTP server you are connecting to requires SSL, you must enable it.
The default value for SmtpClient.EnableSsl Property is false. The EnableSsl property specifies whether SSL is used to access the specified SMTP mail server.
Specify whether the SmtpClient uses Secure Sockets Layer (SSL) to encrypt the connection.
For more details, read the Remarks section of the docs on MSDN.
Best Regards,
Chris
- Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
Sunday, August 28, 2016 7:25 AM
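An added example, not code posted by anyone in this thread: an ASP.NET Identity 2 `IIdentityMessageService` that sends the reset mail only over an encrypted SMTP session by setting `SmtpClient.EnableSsl = true`. The class name, host, sender address and environment variable names are assumptions; port 587 is the one a later reply mentions.

```csharp
using System;
using System.Net;
using System.Net.Mail;
using System.Threading.Tasks;
using Microsoft.AspNet.Identity;

// Assign to UserManager.EmailService so Identity uses it for reset and confirmation mail.
public class TlsOnlyEmailService : IIdentityMessageService
{
    // Assumed placeholder values; replace with your own relay and sender.
    private const string SmtpHost = "smtp.example.com";
    private const int SmtpPort = 587;   // explicit SSL (STARTTLS) submission port
    private const string Sender = "no-reply@example.com";

    public async Task SendAsync(IdentityMessage message)
    {
        // The reset token in the link works like a short-lived credential.
        // Simple guard (an assumption of this example): never mail a plain-HTTP link.
        if (message.Body.IndexOf("http://", StringComparison.OrdinalIgnoreCase) >= 0)
            throw new InvalidOperationException("Reset link must use https.");

        using (var mail = new MailMessage(Sender, message.Destination))
        using (var client = new SmtpClient(SmtpHost, SmtpPort))
        {
            mail.Subject = message.Subject;
            mail.Body = message.Body;
            mail.IsBodyHtml = true;

            // EnableSsl defaults to false. When true, SmtpClient upgrades the
            // connection with STARTTLS and throws SmtpException if the server
            // does not offer it, so the mail is never sent in plaintext.
            client.EnableSsl = true;

            // Assumed variable names; keep SMTP credentials out of source control.
            client.Credentials = new NetworkCredential(
                Environment.GetEnvironmentVariable("SMTP_USER"),
                Environment.GetEnvironmentVariable("SMTP_PASSWORD"));

            await client.SendMailAsync(mail);
        }
    }
}
```

`EnableSsl` encrypts only the connection between the application and the SMTP server it submits to; delivery from that server onward to the recipient's mailbox is outside the application's control.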
All replies
-
User-2057865890 posted
Hi Minglong,
Visit the link below to get detailed steps for that.
https://docs.asp.net/en/latest/security/authentication/accconfirm.html#require-ssl
http://www.asp.net/identity/overview/features-api/account-confirmation-and-password-recovery-with-aspnet-identity
http://bitoftech.net/2015/02/03/asp-net-identity-2-accounts-confirmation-password-user-policy-configuration/
http://projectsaas-document.readthedocs.io/zh_CN/latest/security/accconfirm.html
Regards
Chris
Friday, August 19, 2016 10:39 AM -
User-478471953 posted
Thanks for the answer, Chris.
My application is using asp.net Forms and is already SSL only.
But my question is specifically about emailing the password reset link to the user when using asp.net identity.
Is it required to use SSL enabled email when sending the password reset link?
For example, some sample code has the statement "smtpClient.EnableSsl = true" when setting up the email client; some don't. So I am not sure.
What do most people normally do?
Friday, August 19, 2016 12:03 PM -
User-129908252 posted
To send an email using System.Net.Mail and SSL, you must use port number 587.
While sending an email, we need to enable SSL from the client side.
The System.Net.Mail or SmtpClient class does not support implicit SSL.
It supports explicit SSL, which requires an insecure connection to the SMTP server.
First establish an SSL connection, then execute the SMTP transaction.
Monday, August 22, 2016 1:01 PM -
User-478471953 posted
Sorry, my question is whether it is necessary to use SSL-enabled email to send the password reset link to the user, not how to send an SSL email.
Thanks
Monday, August 22, 2016 2:01 PM