Bug #60289 asp:PasswordRecovery control fails to send password that you can then login with
Submitted: 1 Mar 2011 10:25 Modified: 9 Mar 2011 9:53
Reporter: Bugs System Email Updates:
Status: Not a Bug Impact on me:
None 
Category:Connector / NET Severity:S3 (Non-critical)
Version:6.3.6 OS:Any
Assigned to: CPU Architecture:Any
Tags: .NET Connector asp:PasswordRecovery

[1 Mar 2011 10:25] Bugs System 
Description:

I'm converting over my app from MSSqlServer Membership Provider and i can't get the the asp:PasswordRecovery control to work. I've got the asp:ChangePassword control working fine and everything else looks good.

I have tried many different combinations of settings and i have this working fine in the MS Membership Provider so it's either an issue or there are some different settings required when using MySQL Membership Provider that i've missed. 

How to repeat:

These are my membership settings, hopefully pretty default but i've specified the Hashed passwords and left to system to decide which hash algorithum to use.

<membership defaultProvider="MySQLMembershipProvider">
<providers>
<remove name="MySQLMembershipProvider"/>
<add name="MySQLMembershipProvider" type="MySql.Web.Security.MySQLMembershipProvider, MySql.Web, Version=6.3.6.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d"
applicationName="/gameodyssey"
description="Game Odyssey"
connectionStringName="LocalMySqlServer"
writeExceptionsToEventLog="True"
autogenerateschema="True"
enablePasswordRetrieval="False"
enablePasswordReset="True"
requiresQuestionAndAnswer="True"
requiresUniqueEmail="False"
passwordFormat="Hashed"
maxInvalidPasswordAttempts="5"
minRequiredPasswordLength="7"
minRequiredNonalphanumericCharacters="0"
passwordAttemptWindow="10"
passwordStrengthRegularExpression=""/>
</providers>
</membership>

This is my control as it's place in the aspx page

<asp:PasswordRecovery ID="RecoverPwd" runat="server" OnSendingMail="RecoverPwd_SendingMail">
<MailDefinition BodyFileName="~/Templates/PasswordRecovery.htm"
Subject="Your password has been reset..."
IsBodyHtml="True">
</MailDefinition>
</asp:PasswordRecovery>

So step to reproduce are, these are all on the default webserver with visual studio.

1. Create new user.
2. Goto web page for password recovery.
3. Recieve email with new password which is something like

'I%/>e3/O'

4. Try to login and you get

Your login attempt was not successful. Please try again.
[3 Mar 2011 8:37] Bogdan Degtyariov 
Hi Tim,

Can you please attach a complete Visual Studio Web project with the test case?
This would be really helpful in diagnosing and fixing the problem.
Thanks.
[3 Mar 2011 11:53] Bugs System 
Hi,

Let me know if there's any issues with anything missing and i'll add them up. The project is using the web profile builder from here http://archive.msdn.microsoft.com/WebProfileBuilder/Release/ProjectReleases.aspx?ReleaseId....

Thanks,
Tim.
[4 Mar 2011 18:09] Bugs System 
Hey Bogdan,

Do you have any update or can you give a time when you think you'll be able to take a look at this issue.

Thanks,
Tim.
[9 Mar 2011 5:11] Bogdan Degtyariov 
Hi Tim,

Thanks for sending the test project. It took me a while to do a proper setup for it (mostly because of SMTP server).

Unfortunately, I could not repeat the problem: after receiving the password recovery email I tried the password, which allowed me to log in successfully.

Though, I made some changes into the project and they could be the reason of not being able to reproduce the problem:

my system does not have a local SMTP server, so I tried to use a test GMail account. However, gmail SMT requires SSL/TLS authentication, which cannot be configured through web.config. So, I added a new handler to RecoverPassword.aspx.cs:

        protected void RecoverPwd_SendingMail(object sender,
        MailMessageEventArgs e)
        {
          MailMessage mm = new MailMessage();

          mm.From = e.Message.From;

          mm.Subject = e.Message.Subject.ToString();

          mm.To.Add(e.Message.To[0]);

          mm.Body = e.Message.Body;
          mm.IsBodyHtml = true;
          SmtpClient smtp = new SmtpClient();
          smtp.EnableSsl = true;

          smtp.Send(mm);
          e.Cancel = true; 
        }

There is another explanation why it could happen for you because it happened for me once. The new password is very hard to remember, so I copy/pasted it including the space at the end (which of course was a mistake). After removing the space everything worked perfectly.
[9 Mar 2011 9:35] Bugs System 
Hey Bogdan,

Yes your right i'm really sorry about that i was cutting and pasting it and i think catching a new line or something in there. I hand typed it and it was fine.

Thanks for looking at it.
Tim.
[9 Mar 2011 9:53] Bogdan Degtyariov 
Tim, thanks for the update.
Setting the status "Not a bug".