Password Reset Center Workflow Activities

When users enroll for Password Self-Service Reset, EmpowerID directs them to provide answers to a series of password challenge questions that they can use to identify themselves when resetting a forgotten password. Once enrolled, users can initiate self-service resetting their passwords by clicking the Password link on the login page of the Web application. Clicking the link initiates the PasswordResetCenter workflow, which is comprised of a number of activities that control the flow for the password reset process. We discuss these activities and their role in the workflow in greater detail below.


Many of these activities are customizations of common workflow activities. For a general discussion of these activities, see Common Workflow Activities.


Workflow-Specific Properties

In addition to the activities, the workflow itself has a number of properties, known as "Dependency Properties." Dependency Properties are a special type of properties that can be bound from the workflow to one or more of the workflow's activities and vice-versa. This ensures that the state of the workflow is maintained throughout its execution. For this workflow, a number of these Dependency Properties are workflow parameters that administrators can set in the EmpowerID Web application. These parameters or properties can then be used to direct the outcome of the workflow. These properties are as follows:


PropertyCategoryTypeDescription
CheckLockoutLiveBooleanInputSpecifies whether the workflow should make a live call to Active Directory Domain Controllers to check the lockout status of the person.
AskQuestionsBooleanInputSpecifies whether the person attempting to reset their password is to be presented with their challenge questions. The default value is true; however, the property can be changed on the Workflow Parameter management page of the Web application.
AskOTPBooleanInput

Specifies whether the person attempting to reset their password is to be sent a one-time password to be used to reset their password. The default value is true; however, the property can be changed on the Workflow Parameter management page of the Web application.

AskQuestions must be set to false as well.

SendPasswordToEmailBooleanInputSpecifies whether the one-time password can be delivered to the person via their primary email address. The default value is true; however, the property can be changed on the Workflow Parameter management page of the Web application. Additionally, for the one-time password to be delivered in this manner, the person must have a primary email address registered in EmpowerID.
SendPasswordToMobileBooleanInputSpecifies whether the one-time password can be delivered to the person via their mobile phone. The default value is true; however, the property can be changed on the Workflow Parameter management page of the Web application. Additionally, for the one-time password to be delivered in this manner, the person must have a mobile number set on their person as well as have a mobile phone provider selected.
SendPasswordToPersonalEmailBooleanInputSpecifies whether the one-time password can be delivered to the person via their personal email address. The default value is true; however, the property can be changed on the Workflow Parameter management page of the Web application. Additionally, for the one-time password to be delivered in this manner, the person must have a personal email address registered in EmpowerID.
SendPasswordToTwilioSMSBooleanInputSpecifies whether the one-time password can be delivered to the person via an SMS sent by Twilio. The default value is true; however, the property can be changed on the Workflow Parameter management page of the Web application. Additionally, for the one-time password to be delivered in this manner, the person must have a mobile number set on their person and the organization must have a Twilio account registered in EmpowerID.
SendPasswordToTwilioVoiceCallBooleanInputSpecifies whether the one-time password can be delivered to the person via an automated voice call from Twilio. The default value is true; however, the property can be changed on the Workflow Parameter management page of the Web application. Additionally, for the one-time password to be delivered in this manner, the person must have a mobile number set on their person and the organization must have a Twilio account registered in EmpowerID.
TwilioOTPVoiceMessageTemplateNameStringInputSpecifies the template to be used when sending the one-time password via the Twilio API. Unless a value is specified, the default EmpowerID template will be used.
OAuthConsumerIDStringInputSpecifies the OAuthConsumerID for the PasswordResetCenter request workflow. The default value is generated by EmpowerID; however, however, the property can be changed on the Workflow Parameter management page of the Web application.
UnlockOnlyStringInputSpecifies whether to just unlock the account or to both unlock the account and reset the password. Value is input by the user. Set to false by default, this property applies only when the organization is using one-time passwords rather than challenge questions.

Silent Errors with Twilio

There are silent errors in the event log in three scenarios:

  • The phone number field requires a country code and errors silently if one is not provided.
  • If the phone number is invalid the page fails silently.
  • If a person does not have a phone number, the page shows successful when it is not.


IdentifyYourself Activity

This activity presents users with the Credentials form, which contains fields for inputting their EmpowerID login or email, as well as a Captcha to ensure the workflow is being initiated by a real person.



When setting activity properties, the following properties are important:

PropertyTypeDescription
EnabledBooleanSpecifies whether the activity is enabled or not. If an activity is not enabled it will not participate in the execution of the workflow. Set to True by default, this value should not be changed.
FormDecisionControlThis places a control on the form, such as a button, and specifies the logic that should occur when the control is interacted with. In the case of this activity, the property must be set to Requested as it is used to validate the Captcha value.
ImpersonatePersonIDInt32Specifies the person, if any, the activity is to execute under. In this case, the value is set to -1, which represents an anonymous identity. This value should not be changed.
ResourceTypeOperationIDInt32Identifies the Resource Type Operation associated with the activity. Resource Type Operations are blocks of code that when executed perform one or more actions against a selected resource object. In this case, the value is set to -1 as no operations are being executed against any resources. This value should not be changed.
SucceedExecuteCodeStringSpecifies the event handler for the activity. In general terms, event handlers contain code that is executed when the activity with the handler is encountered in a workflow. In this case the handler is an empty stub that simply allows the workflow logic to continue according to the line rules that connect it to the other activities.

AnswerQuestions Activity

This activity is executed if the AskQuestions workflow parameter is set to true and the AskOTP workflow parameter is set to false and the person initiating the workflow is successfully identified.




AnswerQuestions is a compiled activity, meaning that it is derived from another activity that has been previously developed, compiled and published into an assembly from Workflow Studio. To open or edit the original activity, right-click on AnswerQuestions and select Open/Edit Original Activity from the context menu.




Doing so opens AnswerEnrollmentQuestions activity in the Workflow Studio Activity Designer.


AnswerEnrollmentQuestions Activity

AnswerEnrollmentQuestions is a flowchart activity, which means the activity itself is comprised of a number of activities, properties and line rules that determine how the logic flows both within the activity itself and, ultimately, within the PasswordResetCenter workflow. A discussion of properties and activities follows.


The properties in the following table are properties that have been added to the activity when it was developed. Known as "Dependency Properties," these properties can be bound from activity to activity, as well as the workflow itself. This allows their values to remain consistent throughout the workflow execution. For example, the TargetPerson property is bound to the TargetPerson property in the IdentityYourself activity. You can view these properties by clicking the Properties tab located above the Activity Designer.




PropertyTypeCategoryDescription
RecoveryResultRecoveryResult
The value of this property is set dynamically during workflow execution, based on whether the person successfully answers the challenge questions. Possible values include:
  • NotEnrolled
  • Recovered
  • Lockout
  • DenyAccess
  • NotLicensed
  • FailRecovery
  • Recovering
  • EnrollmentExpired
  • InvalidEnrollment
  • UnableToRetrieveQuestions
TargetPersonPerson ComponentInputSpecifies the person performing the Self-Service Password Reset. The value is set on the IdentifyYourself activity and passed to this activity.
recoveryManagerRecoveryManagerN/AThis is used to instantiate a new instance of the base RecoveryManager class for the TargetPerson. This class has methods, properties and enums used to help the person initiating the workflow (the TargetPerson) to reset their password.
recoveryAttemptRecoveryAttemptN/AThis is used to instantiate a new instance of the base RecoveryAttemp class for the TargetPerson. This class has methods and properties for presenting the challenge questions associated with the person attempting to reset their password, and evaluating the answers to those questions. The answers provided by the person are evaluated for their . and evaluate properties and enums used to help the person initiating the workflow (the TargetPerson) to reset their password.
BasePropertiesWorkflowActivationPropertiesN/AGets and sets the base properties of the parent workflow. These properties are defined in the TheDotNetFactory.Framework.Workflow.Common.WorkflowActivationProperties class. 

When the AnswerEnrollmentQuestions activity is encountered in the workflow, the logic flows to the GetPersonQuestions activity.

GetPersonQuestions

GetPersonQuestions is a SystemCodeActivity activity with a handler that checks whether the person associated with the EmpowerID Login or email address submitted by the TargetPerson is enrolled for Password Self-Service Reset. If the person is enrolled the logic flows to the AnswerQuestion activity; if the person is not enrolled, the logic flows to the InvalidEnrollmentMessage activity and exits.

The code for the GetPersonQuestions activity is as follows. Comments have been added for clarity.

//Instantiate a new instance of the RecoveryManager class, passing in TargetPerson
recoveryManager = new RecoveryManager(TargetPerson);

//Set the RecoveryResult property to the recoveryManager status
RecoveryResult = recoveryManager.Status;

//If person is not enrolled for Password Self-Service reset display the 
//invalid enrollment message and exit the activity; otherwise, begin the recovery process
//by executing the AnswerQuestion Form activity 

if (RecoveryResult != RecoveryStatus.Recovering)
     InvalidEnrollmentMessage.Message = this.GetRecoveryStatusMessage(RecoveryResult);
else
{
    this.InitializeRecoveryAttempt();
}

//Sets the Title and Description properties for the InvalidEnrollmentMessage Bubble activity
InvalidEnrollmentMessage.ControlTitle = "EmpowerIDApplicationGeneralMessages_MessageBoxRequestStatusTitle";
InvalidEnrollmentMessage.ControlDescription = "EmpowerIDApplicationGeneralMessages_MessageBoxRequestStatusDesc";

//Sets the Title and Description properties for the AnswerQuestion Form activity
AnswerQuestion.ControlTitle = "PasswordManagerQuestions_AnswerQuestionsTitle";
AnswerQuestion.ControlDescription = "PasswordManagerQuestions_AnswerQuestionsDesc";

AnswerQuestion

If the TargetPerson is enrolled the logic flows to the AnswerQuestion activity. Answer Question is a Form activity; thus when it executes it presents a form to the user that randomly selects one of that user's challenge questions, asking them to provide the answer.



The answer is submitted to the ValidateAnswer activity, which checks whether the answer is correct and then either routes back to the AnswerQuestion activity or the InvalidEnrollmentMessage activity. The process continues until either the user correctly answers all of the challenge questions required by the Password Manager Policy that is assigned to them or becomes locked out of the Recovery Center.

ValidateAnswer

This activity is a SystemCodeActivity activity with a handler that checks whether the answer to the challenge question submitted by the TargetPerson is correct, setting the Status property on the base AnswerRecoveryQuestionResult class accordingly.


The code for the GetPersonQuestions activity is as follows. Comments have been added for clarity.


//Instantiate a new instance of the AnswerRecoveryResult class, 
//passing in the answer to the challenge question provided by the person
AnswerRecoveryQuestionResult AnswerRecoveryQuestionResult = recoveryAttemp.AnswerQuestion(AnswerQuestion.Answer);

//Set the RecoveryResult property to the AnswerRecoveryQuestionResult status
//If the person answered the question correctly, the status is set to Recovering
RecoveryResult = AnswerRecoveryQuestionResult.Status; 

//Reset the answer to an empty string for the next iteration
AnswerQuestion.Answer = "";

//If the person answered the question correctly the status is set to recovering
//and the next question is presented
if (AnswerRecoveryQuestionResult.Status == RecoveryStatus.Recovering)
{
     AnswerQuestion.Question = AnswerRecoveryQuestionResult.NextQuestion;

}
else
{
    //If the RecoveryStatus for the person is not set to Recovered and they did not correctly answer the
    //the challenge question, call SetFailedAttempt(). If the status is set to Recovered, then exit the activity    
    if (AnswerRecoveryQuestionResult.Status != RecoveryStatus.Recovered)
      {
         recoveryManager.SetFailedAttempt();

         //If the person reaches the maximum number of failed attempts set the status to 
         //Lockout; otherwise, call the InitializeRecoveryAttempt() and present the next question
         if (recoveryManager.Status == RecoveryStatus.Lockout)
         {
                 RecoveryResult = recoveryManager.Status;
                 InvalidEnrollmentMessage.Message = this.GetRecoveryStatusMessage(RecoveryResult);
         }
         else
        {
             InitializeRecoveryAttempt();
        }
     }

}

UnableToIdentifyPersonMessage Activity

UnableToIdentifyPersonManager is a Bubble activity that displays to the user the value of the Message property, which in this case is Unable to retrieve your account. This activity is only executed when the EmpowerID Login or email address submitted to the IdentifyYourself activity by the user does not belong to an EmpowerID Person.

For a general discussion of the properties associated with Bubble activities, see Bubble Activities.


SetFormOptions

This activity is a SystemCodeActivity activity with a handler that checks certain attributes on the person attempting to reset their password, as well as the corresponding workflow parameters to determine what Password Reset Options should be displayed to the user by the ResetOptions From activity. The code for the SetFormOptions activity is as follows. Comments have been added for clarity.




This activity only executes if the AskOTP workflow parameter is set to true and the AskQuestions workflow parameter is set to false. These parameters are Boolean properties of the PasswordResetCenter workflow that can be set by administrators in the Web application.


//Give the person the option to have their one-time password sent to their personal email if the
//SendPasswordToPersonalEmail parameter is true and the person has a personal email address set on their person
ResetOptions.ShowPersonalEmail = !string.IsNullOrEmpty(IdentifyYourself.TargetPerson.PersonalEmail) && (this.SendPasswordToPersonalEmail);

//Give the person the option to have their one-time password sent to their primary email address 
//if the SendPasswordToEmail parameter is true and the person has a primary email address set on their person
ResetOptions.ShowPrimaryEmail = !string.IsNullOrEmpty(IdentifyYourself.TargetPerson.Email) && (this.SendPasswordToEmail);

//Give the person the option to have their one-time password sent via a phone call if the SendPasswordToTwilioVoiceCall is set to true
//and the person has a mobile phone number set on their person and the organization has a Twilio account registered in EmpowerID  
ResetOptions.ShowVoiceCall = !string.IsNullOrEmpty(IdentifyYourself.TargetPerson.MobilePhone) && (this.OAuthConsumerID != null) && (this.SendPasswordToTwilioVoiceCall);

//Give the person the option to have their one-time password sent via a text message if the SendPasswordToTwilioSMS is set to true
//and the person has a mobile phone number set on their person and the organization has a Twilio account registered in EmpowerID  
ResetOptions.ShowSMSToMobile = !string.IsNullOrEmpty(IdentifyYourself.TargetPerson.MobilePhone) && (this.OAuthConsumerID != null) && (this.SendPasswordToTwilioSMS);

if(IdentifyYourself.TargetPerson.Email != null)
{
    ResetOptions.EmailFriendlyName = IdentifyYourself.TargetPerson.Email.Substring(0, Math.Min(4, IdentifyYourself.TargetPerson.Email.Length)) + "***********";
}
if(IdentifyYourself.TargetPerson.PersonalEmail != null)
{
    ResetOptions.PersonalEmailFriendlyName = IdentifyYourself.TargetPerson.PersonalEmail.Substring(0, Math.Min(4, IdentifyYourself.TargetPerson.PersonalEmail.Length))+ "***********";
}
string s = IdentifyYourself.TargetPerson.MobilePhone;

if(s != null)
{
     int ii = 4;
     string ss = "*";
       if (s.IndexOf("@") > 0)
            ii = s.IndexOf("@") - 1;

        for (int i = 0; i < s.Length - ii; i++)
        {
            ss = ss + "*";
        }

        s = ss + s.Substring(s.Length - ii);
            ResetOptions.MobilePhoneFriendlyName = s;
}

ResetOptions

ResetOptions is a Form activity that is executed if the AskOTP workflow parameter is set to true and the AskQuestions workflow parameter is set to false.

The form displays to the user the reset options passed to it from the SetFormOptions activity. The below image shows what the form looks like for a user when the following conditions are true:

  • The AskOTP workflow parameter is set to true
  • The AskQuestions workflow parameter is set to false
  • The SendPasswordToEmai parameter is true and the person has a primary email address set on their person
  • The SendPasswordToPersonalEmail parameter is true and the person has a personal email address set on their person



For a general discussion of Form activities and the relevant properties associated with those activities, see Form Activities.

SyncProperties

This activity is a SystemCodeActivity activity with a handler that syncs the value of the corresponding SendPersonOneTimePassword property of the ValidateTOTP activity (discussed below) with the option selected by the user on the SetFormActivity activity. It also sets the value of the UnlockOnly property on the workflow based on the input of the user.

The code for the SyncProperties activity is as follows.

ValidateTOTP.SendPersonOneTimePassword_SendPasswordToEmail = ResetOptions.PrimaryEmail;
ValidateTOTP.SendPersonOneTimePassword_SendPasswordToPersonalEmail = ResetOptions.PersonalEmail;
ValidateTOTP.SendPersonOneTimePassword_SendPasswordTwilioSMS = ResetOptions.SMSToMobile;
ValidateTOTP.SendPersonOneTimePassword_SendPasswordTwilioVoiceCall = ResetOptions.VoiceCall;

UnlockOnly = !ResetOptions.UnlockAndReset;



For a general discussion of SystemCodeActivity activities and the relevant properties associated with those activities, see SystemCodeActivity activities.

ValidateTOTP

This activity is executed if the AskOTP workflow parameter is set to true and the AskQuestions workflow parameter is set to false and the person has selected a valid reset option from the ResetOptions Form activity.




ValidateTOTP is a compiled activity, meaning that it is derived from another activity that has been previously developed, compiled and published into an assembly from Workflow Studio. As such, it inherits the properties of the those activities, which you can change as needed.


Additionally, you can modify the underlaying original activities. However, if you do so, you will need to recompile and publish them to make the changes a part of the workflow.


The relevant properties for the ValidateTOTP activity are as follows:


PropertyTypeCategoryDescription
PasswordStringInputSpecifies the one-time password. The value of this property is dynamically generated at runtime by the activity or activities in the deriving assembly.
PersonIDInt32InputSpecifies the PersonID of the of the person (TargetPerson) attempting to reset their password. The value of this property is set at runtime to the PersonID of the TargetPerson object.
MaxReTryInt32InputSpecifies the maximum number of times the person can attempt to retry entering the one-time password when prompted to do so. Set to 0 by default.
RetryCountInt32InputSpecifies the current number of retry attempts. Set to 0by default.
IsValidBooleanOutputSpecifies whether the one-time password submitted by the user is correct. Set to false by default.
SendPersonOneTimePassword_NumberOfDigitsInOneTimePasswordInt32InputSpecifies the number of digits to be included in the one-time password being sent to the person. The default value is 6.
SendPersonOneTimePassword_NumberOfLowerCaseLettersInOneTimePasswordInt32InputSpecifies the number of lower case letters to be included in the one-time password being sent to the person. The default value is 0.
SendPersonOneTimePassword_NumberOfSpecialCharactersInOneTimePasswordInt32InputSpecifies the number of special characters to be included in the one-time password being sent to the person. The default value is 0.
SendPersonOneTimePassword_NumberOfUpperCaseLettersInOneTimePasswordInt32InputSpecifies the number of upper case letters to be included in the one-time password being sent to the person. The default value is 0.
SendPersonOneTimePassword_OAuthConsumerIDStringInputSpecifies the OAuthConsumerID for the PasswordResetCenter workflow. The value for this property is derived from the OAuthConsmerID workflow property, which is bound to the OAuthConsumerID workflow parameter.
SendPersonOneTimePassword_OneTimePasswordLengthInt32InputSpecifies the number of digits, characters and letters in the one-time password being sent to the person. The default value is 6.
SendPersonOneTimePassword_OneTimePasswordValidationDurationInMinitesInt32InputSpecifies the length of time in minutes that the one-time password remains valid. If the alloted time passes before the person uses the one-time password, a new password must be sent. The default value is 10.
SendPersonOneTimePassword_SendPasswordToEmailBooleanInputSpecifies whether the one-time password can be delivered to the person via their primary email address. The default value is true; however, the property can be overridden by the SendPasswordToEmail workflow parameter. Additionally, for the one-time password to be delivered in this manner, the person must have a primary email address registered in EmpowerID.
SendPersonOneTimePassword_SendPasswordToMobileBooleanInputSpecifies whether the one-time password can be delivered to the person via their mobile phone. The default value is true; however, the property can be overridden by the SendPasswordToMobile workflow parameter. Additionally, for the one-time password to be delivered in this manner, the person must have a mobile number set on their person.
SendPersonOneTimePassword_SendPasswordToPersonalEmailBooleanInputSpecifies whether the one-time password can be delivered to the person via their personal email address. The default value is true; however, the property can be overridden by the SendPasswordToPersonalEmail workflow parameter. Additionally, for the one-time password to be delivered in this manner, the person must have a personal email address registered in EmpowerID.
SendPersonOneTimePassword_SendPasswordToTwilioSMSBooleanInputSpecifies whether the one-time password can be delivered to the person via an SMS sent by Twilio. The default value is true; however, the property can be overridden by the SendPasswordToTwilioSMS workflow parameter. Additionally, for the one-time password to be delivered in this manner, the person must have a mobile number set on their person and the organization must have a Twilio account registered in EmpowerID.
SendPersonOneTimePassword_SendPasswordToTwilioVoiceCallBooleanInputSpecifies whether the one-time password can be delivered to the person via an automated voice call from Twilio. The default value is true; however, the property can be overridden by the SendPasswordToTwilioVoiceCall workflow parameter. Additionally, for the one-time password to be delivered in this manner, the person must have a mobile number set on their person and the organization must have a Twilio account registered in EmpowerID.
SendPersonOneTimePassword_OneTimePasswordStringOutputThis specifies the one-time password to be sent to the user. The value of this property is dynamically generated at runtime by the activity or activities in the deriving assembly.

To open or edit the original activity from which ValidateOTP is based, right-click on ValidateTOTP and select Open/Edit Original Activity from the context menu.

Doing so opens the ValidatePersonTOTP activity in the Workflow Studio Activity Designer.

ValidatePersonTOTP

AnswerEnrollmentQuestions is a flowchart activity, which means the activity itself is comprised of a number of activities, properties and line rules that determine how the logic flows both within the activity itself and, ultimately, within the PasswordResetCenter workflow. A discussion of properties and activities follows.


As ValidatePersonTOTP is not compiled from another activity, its properties are set on the activity itself. These type of properties are known as "Dependency Properties." Dependency Properties are properties that can be bound from activity to activity, as well as to the workflow itself. For example, the TargetPerson property is bound to the TargetPerson property in the IdentityYourself activity. You can view these properties by clicking the Properties tab located above the Activity Designer.




PropertyTypeCategoryDescription
TargetPersonPerson ComponentInputThis is a Dependency Property that derives its value from the EmpowerID Person identified in the IdentityYourSelf activity.
PersonIDInt32InputThis is the PersonID of the TargetPerson.
IsValidBooleanOutputReturns true or false based on whether the one-time password submitted by the person is valid.
PasswordStringInputThis is the one-time password generated for the person.
RetryCountInt32MiscSpecifies the current number of retry attempts.
MaxReTryInt32MiscSpecifies the maximum number of times the person can attempt to retry entering the one-time password when prompted to do so.
BasePropertiesWorkflowActivationProperties
Gets and sets the base properties of the parent workflow. These properties are defined in the TheDotNetFactory.Framework.Workflow.Common.WorkflowActivationProperties class.

SendPersonOneTimePassword

When ValidatePersonTOTP executes, the logic flows to the SendOneTimePassword activity. This activity is also a flowchart activity, comprised of its own set of activities, properties and line rules. A discussion of the properties and activities within this activity follows below.



SendPersonOneTimePasswordActivity Activity Properties

PropertyTypeCategoryDescription
EmailAddressStringInputThis is the primary email address of the person who is attempting to reset their password. The value is derived from the TargetPerson object.
EmailBodyStringInputThis is the body of the email containing the one-time password. The default value is an empty string, which means the body is dynamically generated at runtime by the activity or activities in the deriving assembly.
EmailMessageIDInt32InputThis specifies the ID for the EmailMessage template to be used. The default value is 0, which means the email message is dynamically generated at runtime by the activity or activities in the deriving assembly.
EmailSubjectStringInputThis is the subject of the email containing the one-time password. The default value is an empty string, which means the body is dynamically generated at runtime by the activity or activities in the deriving assembly.
NumberOfDigitsInOneTimePasswordInt32InputSpecifies the number of digits, in any, to be included in the one-time password. The default value is 6.
NumberOfLowerCaseLettersInOneTimePasswordInt32InputSpecifies the number of lower case letters, in any, to be included in the one-time password. The default value is 0.
NumberOfSpecialCharactersInOneTimePasswordInt32InputSpecifies the number of special characters, in any, to be included in the one-time password. The default value is 0.
NumberOfUpperCaseLettersInOneTimePasswordInt32InputSpecifies the number of upper case letters, in any, to be included in the one-time password. The default value is 0.
OAuthConsumerIDStringInputSpecifies the OAuthConsumerID for the workflow. The value is derived from the workflow.
OneTimePasswordLengthInt32InputSpecifies the total number of digits, characters and letters for the one-time password. The default value is set to 6.
OneTimePasswordValidityDurationInMinitesInt32InputSpecifies the number of minutes the one-time password remains valid. The default value is set to 10.
SendPasswordToEmailBooleanInputSpecifies whether the password can be sent to the person's primary email address. The value is set to true by default; however, the value can be overridden by the corresponding workflow parameter in the Web application.
SendPasswordToMobileBooleanInputSpecifies whether the password can be sent to the person's Mobile device. The value is set to true by default; however, the value can be overridden by the corresponding workflow parameter in the Web application.
SendPasswordToPersonalEmailBooleanInputSpecifies whether the password can be sent to the person's personal email address. The value is set to true by default; however, the value can be overridden by the corresponding workflow parameter in the Web application.
SendPasswordTwilioSMSBooleanInputSpecifies whether the password can be sent as a voice message to the person's mobile phone via the Twilio API. The value is set to false by default; however, the value can be overridden by the corresponding workflow parameter in the Web application.
SendPasswordTwilioVoiceCallBooleanInputSpecifies whether the password can be sent as a voice message to the person's mobile phone via the Twilio API. The value is set to false by default; however, the value can be overridden by the corresponding workflow parameter in the Web application.
SMSMessageStringInputSpecifies the SMS message for the one-time password. The default value is an empty string, which means the body is dynamically generated at runtime by the activity or activities in the deriving assembly.
TargetPersonPerson ComponentInputThis is the person attempting to reset their password. The value is set to none by default as the value is set dynamically at workflow runtime.
TwilioOTPVoiceMessageTemplateNameStringInputSpecifies the template to be used when sending the one-time password via the Twilio API. The default value is empty, meaning that the default EmpowerID template will be used.
OneTimePasswordStringOutputThis is the one-time password that is dynamically generated at runtime by the activity or activities in the deriving assembly.

To open or edit the original activity, right-click on SendPersonOneTimePassword and select Open/Edit Original Activity from the context menu.

Doing so opens the SendOneTimePasswordActivity activity in the Workflow Studio Activity Designer.

SendOneTimePasswordActivity

SendOneTimePasswordActivity is comprised of a number of properties, activities and line rules that determine the flow of logic within the activity itself and ultimately within the PasswordResetCenter workflow. These properties, activities and line rules are as follows.


The properties in the following table are properties that have been added to the activity when it was developed. Known as "Dependency Properties," these properties can be bound from activity to activity, as well as the workflow itself. This allows their values to remain consistent throughout the workflow execution. For example, the TargetPerson property is bound to the TargetPerson property in the IdentityYourself activity. You can view these properties by clicking the Properties tab located above the Activity Designer.




SendOneTimePasswordActivity Activity Properties

PropertyTypeCategoryDescription
EmailSubjectStringInputThis is the subject of the email containing the one-time password. The value is set dynamically by the GenerateOTP activity.
EmailBodyStringInputThis is the body of the email containing the one-time password. The value is set dynamically by the GenerateOTP activity.
SendPasswordToMobileBooleanInputSpecifies whether the password can be sent to the person's Mobile device. The value is set on the ValidatePersonTOTP activity, but can be overridden by the corresponding workflow parameter in the Web application.
SendPasswordToEmailBooleanInputSpecifies whether the password can be sent to the person's primary email address. The value is set on the ValidatePersonTOTP activity, but can be overridden by the corresponding workflow parameter in the Web application.
SendPasswordToPersonalEmailBooleanInputSpecifies whether the password can be sent to the person's personal email address. The value is set on the ValidatePersonTOTP activity, but can be overridden by the corresponding workflow parameter in the Web application.
TargetPersonPerson ComponentInputThis is a Dependency Property that derives its value from the EmpowerID Person submitted to the workflow during the execution of the IdentityYourSelf activity.
OneTimePasswordValidityDurationInMinitesInt32InputSpecifies the number of minutes the one-time password remains valid. The value is set on the ValidatePersonTOTP activity.
OneTimePasswordStringOutputThis is the one-time password that is generated when the code in the GenerateOTP activity is executed.
OneTimePasswordLengthInt32InputSpecifies the total number of digits, characters and letters for the one-time password. minutes the one-time password remains valid. The value is set on the ValidatePersonTOTP activity and used when the password is created in the GenerateOTP activity.
NumberOfSpecialCharactersInOneTimePasswordInt32InputSpecifies the number of special characters, in any, to be included in the one-time password. The value is set on the ValidatePersonTOTP activity and used when the password is generated by the GenerateOTP activity.
NumberOfDigitsInOneTimePasswordInt32InputSpecifies the number of digits, in any, to be included in the one-time password. The value is set on the ValidatePersonTOTP activity and used when the password is generated by the GenerateOTP activity.
NumberOfUpperCaseLettersInOneTimePasswordInt32InputSpecifies the number of upper case letters, in any, to be included in the one-time password. The value is set on the ValidatePersonTOTP activity and used when the password is generated by the GenerateOTP activity.
NumberOfLowerCaseLettersInOneTimePasswordInt32InputSpecifies the number of lower case letters, in any, to be included in the one-time password. The value is set on the ValidatePersonTOTP activity and used when the password is generated by the GenerateOTP activity.
EmailAddressStringInputThis is the primary email address for the person (derived from the TargetPerson) resetting their password. If the value is not null, it is injected into the workflow by the GenerateOTP activity.
SendEmailToTwilioVoiceCallBooleanInputSpecifies whether the password can be sent as a voice message to the person's mobile phone via the Twilio API. The value is set on the ValidatePersonTOTP activity, but can be overridden by the corresponding workflow parameter in the Web application.
OAuthConsumerIDStringInputThis is the OAuthConsumerID for the workflow.
SendPasswordTwilioSMSBooleanInputSpecifies whether the password can be sent as a voice message to the person's mobile phone via the Twilio API. The value is set on the ValidatePersonTOTP activity, but can be overridden by the corresponding workflow parameter in the Web application.
TwilioOTPVoiceMessageTemplateNameStringInputSpecifies template to be used when sending the one-time password via the Twilio API. The value is set on the ValidatePersonTOTP activity. If no value is specified, the default template is used.
SMSMessageStringInputThis is the SMS message for the one-time password. The value is set dynamically by the GenerateOTP activity.
EmailMessageIDInt32InputThis is the SMS message for the one-time password. The value is set dynamically by the GenerateOTP activity.
BasePropertiesWorkflow 
ActivationProperties
N/AGets and sets the base properties of the parent workflow. These properties are defined in the TheDotNetFactory.Framework.Workflow.Common.WorkflowActivationProperties class.

SendOneTimePasswordActivity activity is comprised of two child activities, a SystemCodeActivity activity named GenerateOTP and a RuleDecisionActivity activity named ruleDecisionActivity1.

GenerateOTP

GenerateOTP is a SystemCodeActivity activity with handler that when executed generates a one-time password, sending it to one or more of the activities in the ruleDecisionActivity1 activity. The determining factor for which activities receive the one-time password is determined by the value of the workflow parameters discussed above, as well as the presence of the necessary person attributes and organizational resources (such as Twilio).


The code for the GenerateOTP activity is as follows. Comments have been added for clarity.


//Set the one-time password using the CryptoHelper class, passing in the property values set on the
//ValidateTOTP activity
OneTimePassword =  CryptoHelper.GetStrongPassword(OneTimePasswordLength,NumberOfSpecialCharactersInOneTimePassword,
                        NumberOfDigitsInOneTimePassword,
                        NumberOfUpperCaseLettersInOneTimePassword,
                        NumberOfLowerCaseLettersInOneTimePassword);

//Set the one-time password on the person, passing in the password and the validation time
 TargetPerson.SetOneTimePassword(OneTimePassword,OneTimePasswordValidityDurationInMinites);

 //If no template is specified use the default
 if (string.IsNullOrEmpty(TwilioOTPVoiceMessageTemplateName))
    TwilioOTPVoiceMessageTemplateName = "TwilioOTPVoiceMessage";

//Instantiate a new instance of EmailMessage for the Twilio template
 C.EMailMessage voiceMessageTemplate =  C.EMailMessage.GetByName(TwilioOTPVoiceMessageTemplateName);

//Loop through the characters in OneTimePassword, adding each to the voiceOTP
 string voiceOTP =  "";
 foreach(char c in OneTimePassword)
     voiceOTP += c + " ";

//Send voice message with OneTimePassword to person using Twilio
 SendUsingTwilio.VoiceMessage = "Please enter this security code when prompted: " + voiceOTP;
 if (voiceMessageTemplate != null)
     SendUsingTwilio.VoiceMessage =  voiceMessageTemplate.EMailBody.Replace("{PassCode}",voiceOTP);

//Set the SMS subject and body
 if (string.IsNullOrEmpty(SMSMessage))
     SendUsingTwilio.SMSMessage = "Please enter this security code when prompted: " + OneTimePassword;
 else
     SendUsingTwilio.SMSMessage = SMSMessage.ToEmpowerIDLocalizedString().Replace("{PassCode}",OneTimePassword);

//Set the email subject and body
 if (string.IsNullOrEmpty(EmailSubject))
     EmailSubject = "Your one-time login security code";

  if (string.IsNullOrEmpty(EmailBody))
     EmailBody = "Please enter this security code when prompted: " + OneTimePassword;

//Set SMS body and subject on the SendSMS activity within ruleDecisionActivity1
SendSMS.Body = EmailBody.TrimEnd();
SendSMS.Subject = EmailSubject;

//Set email body and subject on the SendEmail activity within ruleDecisionActivity1
SendEmail.Body = EmailBody.TrimEnd();
SendEmail.Subject = EmailSubject;

//Send email if the person has either a primary or personal email address and one or both of those related workflow parameters are true
SendEmail.ToEmail = "";
if (!string.IsNullOrEmpty(EmailAddress))
     SendEmail.ToEmail = EmailAddress;
else {
        if (!string.IsNullOrEmpty(TargetPerson.Email) && SendPasswordToEmail)
            SendEmail.ToEmail +=  TargetPerson.Email + ";";
        if (!string.IsNullOrEmpty(TargetPerson.PersonalEmail) && SendPasswordToPersonalEmail)
            SendEmail.ToEmail +=  TargetPerson.PersonalEmail;
        SendEmail.ToEmail = SendEmail.ToEmail.TrimEnd(';');
}

System.Text.RegularExpressions.Regex _digitRegex = new System.Text.RegularExpressions.Regex(@"\d+", System.Text.RegularExpressions.RegexOptions.Compiled);
System.Text.RegularExpressions.MatchCollection matches = _digitRegex.Matches(TargetPerson.MobilePhone.ToSafeString());

StringBuilder digitBuilder = new StringBuilder();

    foreach (System.Text.RegularExpressions.Match match in matches)
    {
        digitBuilder.Append(match.Value);
    }

     SendUsingTwilio.PhoneNumber = digitBuilder.ToString();

//Send SMS if person has a mobile phone provider and mobile phone registered in EmpowerID and the related workflow parameter is true
if (TargetPerson.MobilePhoneProviderID != null && !string.IsNullOrEmpty(TargetPerson.MobilePhone))
{
    SendSMS.ToEmail = digitBuilder + TargetPerson.MobilePhoneProviderIDSource.SMSGatewaySuffix;
}


ruleDecisionActivity1

ruleDecisionActivity1 is a RuleDecisionActivity activity. RuleDecisionActivity activities are similar to System Parallel activities in that they are comprised of two or more branches of activities with rules that only allow the logic associated with those branches to be executed when the conditions for the rule is met. For this particular activity, there are three branches with conditions set by the workflow.



The code for the GenerateOTP activity is as follows. Comments have been added for clarity.

These branches are as follows:

  • SMS — The activity in this branch is an Operation activity that executes if the SendPasswordToMobile property is set to True.
  • SendEmail — The activity in this branch is an Operation activity that executes if either the SendPasswordToPersonalEmail property or the SendPasswordToEmail property on the workflow is set to True and the person has an email address.
  • Twilio — The activity in this branch is an Operation activity that executes if either the SendPasswordTwilioSMS or the SendPasswordTwilioVoiceCallproperty on the workflow is set to True.
In this article