A few points on the current state of affairs (as of October 2011):
1st: there is a good chance that you really do not want password recovery, because it considers a security risk, and you must disable one-way password encryption in order to be able to implement it. Instead, most people use the password "reset".
If you really want to enable recovery, then:
1) When you create a new Internet project in VS2010, it creates the LogOn, Register and ChangePassword pages for you. As Hector says, password recovery has not been created for you.
2) However, the Asp.Net membership provider does support it, so you can add it by creating Model, Controller, and View yourself by setting enablePasswordRetrieval = "true" and passwordFormat = "Encryted" and calling Memberhip.GetUser ().
If instead of the “Recovery” password you really want the “reset” password, there are several ways to implement it: i) Self-service - when the user can click the link and an email is sent to them with a link to reset the password.
Examples:
I tried this one. I like it because it handles both account confirmation and password reset: - http://nuget.org/List/Packages/SimpleMembership.Mvc3
I have NOT tried any of them:
- http://hectorcorrea.com/Blog/Password-Recovery-in-an-ASP.NET-MVC-Project
- http://stevenalexander.posterous.com/expiring-password-reset-token-in-mvc-with-wf
- http://forrst.com/posts/ASP_NET_MVC_3_C_Password_Reset-gFA
ii) Administrator Managed - you contact the administrator, who then reset your password for you. An example of this is the TroyGoode MvcMembership Starter Kit, mentioned above by Gthompson83. There is a menu item "User Administration", accessible to administrators and allowing passwords to be reset or random, generated and sent by e-mail to the user. It also allows you to manage roles.