Share via

BUG: ASP.net 2.0 PasswordRecovery Web Control cannot send emails to SSL enabled SMTP Servers

  • Article

This is a known issue or you can also call it as product limitation. PasswordRecovery control read most of the settings from web.config file. Internally it uses System.Net.Mail to send out email, which does not support reading EnableSSL setting from web.config. This bring us into a situation where PasswordRecovery control cannot send emails to SSL enabled smtp servers.

So when a user tries to send a email to SSL enable server using PasswordRecovery control, he get the following error.

Error: The SMTP server requires a secure connection or the client was not authenticated. The server response was: 5.7.0 Must issue a STARTTLS command first. 32sm15616652wfa.13

Cause
=============================
There is no setting in Web.Config for System.Net.Mail (.net 2.0) that maps to EnableSSL property of System.Net.Mail.SmtpClient.

Resolution
=============================
1) In the code behind, We need to consume PasswordRecovery1_SendingMail event of the web control
2) This event provide us access to Email Message being sent and also give us option to cancel the send operation
3) We will make a copy of this email message, and create a new instance of System.Net.Mail.SmtpClient
4) This time we have complete access to its properties and we can turn On/Off the EnableSSL setting
5) Lets set EnableSSL to true and send the email message to desired SMTP server

The below code snippet can do the job..

protected void PasswordRecovery1_SendingMail(object sender, MailMessageEventArgs e)
{
System.Net.Mail.SmtpClient smtpSender = new System.Net.Mail.SmtpClient("mail.google.com", 587);
smtpSender.DeliveryMethod = System.Net.Mail.SmtpDeliveryMethod.Network;
smtpSender.Credentials = new System.Net.NetworkCredential("username@gmail.com", "password");
smtpSender.EnableSsl = true;

smtpSender.Send(e.Message);
e.Cancel = true;
}

Repro Steps
=============================
1) Configure a PasswordRecovery control
2) Provide all the settings in Web.Config, including username/password, server name, email sender and others
3) Try to send a recovery email when SMTP server requires SSL

More Information
=============================
This problem is related to System.Net.Mail and also documented here...
https://connect.microsoft.com/VisualStudio/feedback/ViewFeedback.aspx?FeedbackID=281277

I am working on it and trying to get a fixed for the problem, but as most of the bugs there is no ETA :-)

Comments

  • Anonymous
    September 04, 2008
    Thanks for the code. But I am getting an operation timed out System.Net.SmtpException. I dont know what is wrong. I have tried after disabling the firewall.but still same error. please help. :(

  • Anonymous
    September 08, 2008
    Thank you for working on this. It would be so nice to have a EnableSsl attribute for the smtp tag in the web.config.  Surprised it's not already there, I mean, you're going to go ahead and store host, port, username and password, it make perfect sense to have that too.  Anyways, thanks.

  • Anonymous
    October 17, 2008
    Thanks!  This was very helpful.  I'm using a Gmail account to send these notifications.  

  • Anonymous
    July 10, 2009
    I am also getting timeout error. Actually i am trying it locally. Please let me know if it doesnt work locally.

  • Anonymous
    August 05, 2009
    Please ellaborate, how you are using this code ... when you say you are trying it locally what does that means?

  • Anonymous
    August 07, 2009
    Since you still got the your smtp stuff in web.config, you only need to add the code below and it will work. Code: protected void PasswordRecovery1_SendingMail(object sender, MailMessageEventArgs e) { System.Net.Mail.SmtpClient smtpSender = new System.Net.Mail.SmtpClient(); smtpSender.EnableSsl = true; smtpSender.Send(e.Message); e.Cancel = true; }

  • Anonymous
    September 01, 2009
    Thanks for this great idea!!! For me, the actual code didn't work, but replacing it by the code from http://www.aspcode.net/Send-mail-from-ASPNET-using-your-gmail-account.aspx works perfectly!!!

  • Anonymous
    February 20, 2010
    The code can use successfully, but when i received the mail after click passwordrecovery button. The password return to me is totally different from mine. Mine is 12345, but i get Password: iVa6AzL{xkX#g^

  • Anonymous
    May 11, 2010
    so nice, that,s a good solution, thank you.

  • Anonymous
    April 16, 2011
    Your code is helpful. Thanks! @rodney: In web.config, you should config the MembershipProvider by setting enablePasswordRetrieval="true" enablePasswordReset="False" and passwordFormat="Clear" .

  • Anonymous
    April 20, 2011
    I used your solution to send mail via Exchange Online, which requires SSL.  All that was necessary besides the web.config mailSettings was:            SmtpClient smtpClient = GetSmtpClient();            if (smtpClient.Port == 587)            {                smtpClient.EnableSsl = true;            }            smtpClient.Send(message); Thank you sincerely, Vikas.