1) firstUser was created when membership module had requiresQuestionAndAnswer set to false, while secondUser was created when requiresQuestionAndAnswer was set to true.
-
If we try to recover pwd via PasswordRecovery PR control and we set requiresQuestionAndAnswer to true, then PR doesn’t email password to firstUser, but it does to secondUser.
-
If we set requiresQuestionAndAnswer to false, then PR does email pwd to secondUser (it skips the question/answer stage). But why doesn’t PR also email pwd to firstUser?
2) I’ve read somewhere that if membership provider stores password in hashed form, then the PR will generate a new pwd and email it to the user. But instead I get an exception. Is there some property we must configure for PR to generate new pwd and email it?
thanx
UPDATE:
1) For some reason it works now. Namely, if we set requiresQuestionAndAnswer to false, then PR also sends email to firstUser
2) If passwords are stored in hashed form, then if:
a) enablePasswordRetrieval="true" and enablePasswordReset is set to either true or false –> PR generates exception
b) if enablePasswordRetrieval="false" and enablePasswordReset="false" –> PR generates exception
c) if enablePasswordRetrieval is set to false and enablePasswordReset is set to true, then PR automatically generates new pwd and emails it.
Similarly, if pwd is not hashed, but we have enablePasswordRetrieval="false", then enablePasswordReset must be set to true (so that PR generates a new pwd and emails it), else we get an exception
Best Answer
if you want to generate your own password and you have q&a set to true, you need to make a second membership provider.
Here is a link: http://peterkellner.net/2007/02/15/resetpasswordaspnet/