Asp .Net Password Recovery new password does not work

Question

I'm implementing a password recovery page on a site I'm developing using a sample. I set up the page so it emails the user with the new password, which is great. The password is hashed so I can not see what is in the database of course.

Well, the new password doesn't work. Haha. Been working on this one issue for over two hours and need to move onto another aspect of the project. Has anyone else had this issue?

<%@ Page Language="C#" MasterPageFile="~/Site.master" AutoEventWireup="true" CodeFile="RecoverPassword.aspx.cs" Inherits="RecoverPassword" Title="Untitled Page" %>

<asp:Content ID="Content1" ContentPlaceHolderID="MainContent" Runat="Server">
    <h2>Recover Your Password</h2>
    <p>
        <asp:PasswordRecovery ID="RecoverPwd" runat="server" 
            onsendingmail="RecoverPwd_SendingMail">
            <MailDefinition BodyFileName="~/EmailTemplates/PasswordRecovery.txt" 
                Subject="Your password has been reset...">
            </MailDefinition>
        </asp:PasswordRecovery>
    </p>
</asp:Content>

using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;

public partial class RecoverPassword : System.Web.UI.Page
{
    protected void RecoverPwd_SendingMail(object sender, MailMessageEventArgs e)
    {
        e.Message.CC.Add("dwayne.jarman@fda.hhs.gov");
    }
}

<membership defaultProvider="DefaultMembershipProvider">
  <providers>
    <add name="DefaultMembershipProvider" 
         type="System.Web.Providers.DefaultMembershipProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=XXXXXXXXXX" 
         connectionStringName="DefaultConnection" 
         enablePasswordRetrieval="false" 
         enablePasswordReset="true" 
         requiresQuestionAndAnswer="false" 
         requiresUniqueEmail="true" 
         maxInvalidPasswordAttempts="5" 
         minRequiredPasswordLength="6" 
         minRequiredNonalphanumericCharacters="0" 
         passwordAttemptWindow="10" 
         applicationName="/"/>
  </providers>
</membership>

Answer 1

Make sure the format in the database is hashed (1), you can find this in aspnet_Membership and "PasswrodFormat".

Also try including this attribute in your membership setting, passwordFormat="Hashed".

Answer 2

It could be that the ApplicationName is different from the one that was used to create the users. Have a look in the aspnet_Users and aspnet_Application table to check.