asp.net membership not sending login reminders

Question

I'm using asp.net's built-in membership provider with security question-and-answer enabled for password recovery against a SQL Server 2005 db. For some users, this works fine and they're able to receive their passwords. For others, and it's not clear what separates the two groups, the security answer is never properly processed. It doesn't matter if the answer is correct or incorrect, the page merely reloads without confirming or denying the request.

As for events, VerifyingAnswer is being triggered, but not AnswerLookupError (if answer is incorrect) or SendingMail (if answer is correct). I ran a SQL trace during one instance, and the aspnet_Membership_GetUserByName stored procedure is being called, but nothing else gets called after. I would expect that aspnet_Membership_GetPassword would be called, which passes the security answer as a parameter, but it isn't.

Answer 1

Update: I was able to resolve the issue. In my case, I am catching the events and using email addresses from another source (ie. not the membership database) tied to the user making the request. The problem is that the PasswordRecovery control chokes if there is not an email address in the corresponding asp.net membership record, even though I'm not relying on it being there.

I think the reason I didn't realize this before is because I would've expected that requirement to trigger an issue immediately after entering the user name instead of additionally prompting the user to answer the security question. I fixed the issue by sticking an email address in every membership record.