...
Recovering the password with email notification can be achived using the exposed UserInformationRecoveryService exposed UserInformationRecoveryService where the WSDL can be found in the following URL of your Identity Server installation: https://localhost:9443/services/UserInformationRecoveryService?wsdl.
The service security is implemented using Captcha and confirmation codes having expiryexpire after a while. Also for each communication, the generated confirmation code will be is not reused the by the service. This makes the services secure and fails repeated attempts to access the same service. Hence the sequence of calls which the Calling Application must do is as follows for email-based recovery.:
- getCaptcha() - Generates a captcha.
- verifyUser() - Validates the captcha answer and username and returns a new key.
- sendRecoveryNotification() - Send an email notification with a confirmation code to the user. Need to provide the key from previous call.
- getCaptcha() - Generates a captcha when the user clicks on the URL.
- verifyConfirmationCode() - Validates the captcha answer and confirmation code. This returns a key.
- updatePassword() - Updates the password in the system. Need to provide the key from previous call, new password and returns the status of the update, true or false.
...