Do you have problems with users who cannot use Forgot Password option?

Here’s a scenario. We use Email address as user name in ASP.NET
2.0 Membership provider. There were several places where we used to
create user accounts using this:

Membership.CreateUser( email,
password );

We did not notice what it was doing. After some days, users
started complaining. This is what users said whose account was
automatically created by the above code:


I got the email invitation. I went to your site. I tried login,
it said user name or password is wrong. So, I tried Signup. Signup
said user name already taken. Then I went to forgot password to
retrieve the password. It shows something is wrong and password
email cannot be sent.

I am stuck. Please help!”

Here’s the problem. When we use the above code, it creates a row
in aspnet_users table using the email address as user name. Fine no
problem. But in aspnet_membership table, the row it creates
contains Email is NULL. So, user cannot use “Forgot Password”
option to request the password because the email address is null.
Out database contained 908 of such unfortunate users, so we had to
run the following SQL to fix it:

update aspnet_membership set email =
( select username from aspnet_users where applicationID =
userID = aspnet_membership.userID) ,loweredemail
= ( select loweredusername from aspnet_users where applicationid =
userid = aspnet_membership.userID) where loweredemail is null
and applicationID =

The applicationID is something which you need to specify for
your own application. You can find the ID from aspnet_application

Then we changed the code to create user accounts to this:

Membership.CreateUser( email,
password, email );

The 3rd parameter is the email address. We did not notice

5 thoughts on “Do you have problems with users who cannot use Forgot Password option?”

  1. An interesting find from Omar. Especially important for you ASP.NET 2.0 developers if you do any work

Leave a Reply