For more information on how to enable reset password ...
` element which contains a link to this article. [!code-html[Main](accconfirm/sample/WebApp1/Views/Account/ForgotPassword.cshtml?highlight=7-10,12,28)] --- ## Register, confirm email, and reset password Run the web app, and test the account confirmation and password recovery flow. * Run the app and register a new user ![Web application Account Register view](accconfirm/_static/loginaccconfirm1.png) * Check your email for the account confirmation link. See [Debug email](#debug) if you don't get the email. * Click the link to confirm your email. * Log in with your email and password. * Log off. ### View the manage page Select your user name in the browser: ![browser window with user name](accconfirm/_static/un.png) You might need to expand the navbar to see user name. ![navbar](accconfirm/_static/x.png) # [ASP.NET Core 2.x](#tab/aspnet20) The manage page is displayed with the **Profile** tab selected. The **Email** shows a check box indicating the email has been confirmed. ![manage page](accconfirm/_static/rick2.png) # [ASP.NET Core 1.x](#tab/aspnet1x) We'll talk about this page later in the tutorial. ![manage page](accconfirm/_static/rick2.png) --- ### Test password reset * If you're logged in, select **Logout**. * Select the **Log in** link and select the **Forgot your password?** link. * Enter the email you used to register the account. * An email with a link to reset your password will be sent. Check your email and click the link to reset your password. After your password has been successfully reset, you can login with your email and new password. ### Debug email If you can't get email working: * Review the [Email Activity](https://sendgrid.com/docs/User_Guide/email_activity.html) page. * Check your spam folder. * Try another email alias on a different email provider (Microsoft, Yahoo, Gmail, etc.) * Create a [console app to send email](https://sendgrid.com/docs/Integrate/Code_Examples/v2_Mail/csharp.html). * Try sending to different email accounts. **Note:** A security best practice is to not use production secrets in test and development. If you publish the app to Azure, you can set the SendGrid secrets as application settings in the Azure Web App portal. The configuration system is setup to read keys from environment variables. ## Prevent login at registration With the current templates, once a user completes the registration form, they are logged in (authenticated). You generally want to confirm their email before logging them in. In the section below, we will modify the code to require new users have a confirmed email before they are logged in. Update the `[HttpPost] Login` action in the *AccountController.cs* file with the following highlighted changes. [!code-csharp[Main](accconfirm/sample/WebApp1/Controllers/AccountController.cs?highlight=11-21&name=snippet_Login)] **Note:** A security best practice is to not use production secrets in test and development. If you publish the app to Azure, you can set the SendGrid secrets as application settings in the Azure Web App portal. The configuration system is setup to read keys from environment variables. ## Combine social and local login accounts Note: This section applies only to ASP.NET Core 1.x. For ASP.NET Core 2.x, see [this](https://github.com/aspnet/Docs/issues/3753) issue. To complete this section, you must first enable an external authentication provider. See [Enabling authentication using Facebook, Google and other external providers](social/index.md). You can combine local and social accounts by clicking on your email link. In the following sequence, "RickAndMSFT@gmail.com" is first created as a local login; however, you can create the account as a social login first, then add a local login. ![Web application: RickAndMSFT@gmail.com user authenticated](accconfirm/_static/rick.png) Click on the **Manage** link. Note the 0 external (social logins) associated with this account. ![Manage view](accconfirm/_static/manage.png) Click the link to another login service and accept the app requests. In the image below, Facebook is the external authentication provider: ![Manage your external logins view listing Facebook](accconfirm/_static/fb.png) The two accounts have been combined. You will be able to log on with either account. You might want your users to add local accounts in case their social log in authentication service is down, or more likely they have lost access to their social account.