BUG: ASP.net 2.0 PasswordRecovery Web Control cannot send emails to SSL enabled SMTP Servers

This is a known issue or you can also call it as product limitation. PasswordRecovery control read most of the settings from web.config file. Internally it uses System.Net.Mail to send out email, which does not support reading EnableSSL setting from web.config. This bring us into a situation where PasswordRecovery control cannot send emails to SSL enabled smtp servers.

So when a user tries to send a email to SSL enable server using PasswordRecovery control, he get the following error.

Error: The SMTP server requires a secure connection or the client was not authenticated. The server response was: 5.7.0 Must issue a STARTTLS command first. 32sm15616652wfa.13

There is no setting in Web.Config for System.Net.Mail (.net 2.0) that maps to EnableSSL property of System.Net.Mail.SmtpClient.

1) In the code behind, We need to consume PasswordRecovery1_SendingMail event of the web control
2) This event provide us access to Email Message being sent and also give us option to cancel the send operation
3) We will make a copy of this email message, and create a new instance of System.Net.Mail.SmtpClient
4) This time we have complete access to its properties and we can turn On/Off the EnableSSL setting
5) Lets set EnableSSL to true and send the email message to desired SMTP server

The below code snippet can do the job..

protected void PasswordRecovery1_SendingMail(object sender, MailMessageEventArgs e)
System.Net.Mail.SmtpClient smtpSender = new System.Net.Mail.SmtpClient("mail.google.com", 587);
smtpSender.DeliveryMethod = System.Net.Mail.SmtpDeliveryMethod.Network;
smtpSender.Credentials = new System.Net.NetworkCredential("username@gmail.com", "password");
smtpSender.EnableSsl = true;

e.Cancel = true;

Repro Steps
1) Configure a PasswordRecovery control
2) Provide all the settings in Web.Config, including username/password, server name, email sender and others
3) Try to send a recovery email when SMTP server requires SSL

More Information
This problem is related to System.Net.Mail and also documented here...

I am working on it and trying to get a fixed for the problem, but as most of the bugs there is no ETA 🙂

Comments (11)

  1. joshymraj says:

    Thanks for the code. But I am getting an operation timed out System.Net.SmtpException. I dont know what is wrong. I have tried after disabling the firewall.but still same error. please help. 🙁

  2. josh says:

    Thank you for working on this.

    It would be so nice to have a EnableSsl attribute for the smtp tag in the web.config.  Surprised it’s not already there, I mean, you’re going to go ahead and store host, port, username and password, it make perfect sense to have that too.  Anyways, thanks.

  3. Thanks!  This was very helpful.  I’m using a Gmail account to send these notifications.  

  4. Ravindra Kolla says:

    I am also getting timeout error. Actually i am trying it locally. Please let me know if it doesnt work locally.

  5. Vikas - MSFT says:

    Please ellaborate, how you are using this code … when you say you are trying it locally what does that means?

  6. Marcus Lindner says:

    Since you still got the your smtp stuff in web.config, you only need to add the code below and it

    will work.


    protected void PasswordRecovery1_SendingMail(object sender, MailMessageEventArgs e)


    System.Net.Mail.SmtpClient smtpSender = new System.Net.Mail.SmtpClient();

    smtpSender.EnableSsl = true;


    e.Cancel = true;


  7. Angelika Leeb says:

    Thanks for this great idea!!! For me, the actual code didn’t work, but replacing it by the code from http://www.aspcode.net/Send-mail-from-ASPNET-using-your-gmail-account.aspx works perfectly!!!

  8. rodney says:

    The code can use successfully, but when i received the mail after click passwordrecovery button. The password return to me is totally different from mine.

    Mine is 12345, but i get Password: iVa6AzL{xkX#g^

  9. maryam says:

    so nice, that,s a good solution, thank you.

  10. Your code is helpful. Thanks!

    @rodney: In web.config, you should config the MembershipProvider by setting enablePasswordRetrieval="true" enablePasswordReset="False" and passwordFormat="Clear" .

  11. Carl Kelley says:

    I used your solution to send mail via Exchange Online, which requires SSL.  All that was necessary besides the web.config mailSettings was:

               SmtpClient smtpClient = GetSmtpClient();

               if (smtpClient.Port == 587)


                   smtpClient.EnableSsl = true;



    Thank you sincerely, Vikas.

Skip to main content