Using the ASP.NET Login Controls with Mail Servers that Require SSL

Some of the Login controls that ship with ASP.NET, such as CreateUserWizard, ChangePassword and PasswordRecovery enable you to send e-mail to your users without writing a lot of code. You just drag and drop a control, assign a mail body template and you're pretty much done. However, as soon as your mail server requires you to use SSL (as, for example, GMail does), things become a little trickier. In this short article I'll show the code and configuration needed to send mail to servers that require SSL.


You typically don't have to write a lot of code when you want to send an e-mail from one of the Login controls if your mail server doesn't require SSL or authentication. For example, for the CreateUserWizard to send an e-mail with an account confirmation message, you need to do three things:

  1. Configure the MailDefinition element of the CreateUserWizard
  2. Create a message body for the e-mail
  3. Set up a mail server in the web.config file

Here's the definition for the CreateUserWizard control:

<asp:CreateUserWizard ID="CreateUserWizard1" runat="server">
  <MailDefinition BodyFileName="~/App_Data/CreateUserWizard.txt" 
         Subject="Your new account">
    <asp:CreateUserWizardStep runat="server" />
    <asp:CompleteWizardStep runat="server" />

The CreateUserWizard.txt file can contain text welcoming the user and can optionally contain the user's user name and password:

Dear <%UserName%>,

Thank you for signing up for an account at our web site. For your reference, please 
find your login details below:

User name: <%UserName%>
Password: <%Password%>	    

The final step is configuring the mail server in the web.config file. If you can use your ISP's mail server or you have a mail server on your local network, you typically don't need more than this:

    <smtp deliveryMethod="Network" from="">
      <network host=""/>

Now, whenever a user signs up for an account using the CreateUserWizard control, an e-mail that contains the user's user name and password is sent using the mail server defined in the config file. This all works fine if your mail server doesn't require SSL. When it does, for example because you are using GMail's SMTP server, you need to write a bit more code.

Using Mail Servers that Require SSL

When sending an e-mail message with your own code to a mail server that requires SSL, you need to set the EnableSsl property of the SmtpClient class you're using to true. However, when using the Login controls, you don't create an instance of SmtpClient yourself so you can't easily enable SSL. Internally, the CreateUserWizard (and other controls) create an SmtpClient with this setting to false, resulting in errors when trying to send the e-mail. To work around this, follow these steps:

  1. Configure the web.config file and set up a mail server with a specified port number, user name and password.
  2. Handle the SendingMail event that the Login controls fire and execute the following steps:
    1. Create your own instance of the SmtpClient
    2. Set EnableSsl to true
    3. Send the message (which you can access using e.Message) with your own SmtpClient
    4. Cancel the original message.

For the first step, you need to add something like this to your web.config file:

    <smtp deliveryMethod="Network" from="">

You need to fill in your GMail's user name and password in the respective attributes.

The next step is to handle the SendingMail event which is fired by the following three Login controls:

  • ChangePassword
  • CreateUserWizard
  • PasswordRecovery

You can handle the SendingMail event that these controls fire with the following code:

protected void CreateUserWizard1_SendingMail(object sender, MailMessageEventArgs e)
  SmtpClient mySmtpClient = new SmtpClient();
  mySmtpClient.EnableSsl = true;
  e.Cancel = true;

This code first creates a new SmtpClient. When this client needs to send out an e-mail, it will use the details provided in the web.config file, including the user name, password and configured mail server.

Next, it enables SSL by setting the EnableSsl property to true. It then accesses the message that is being sent by the Login controls using e.Message which is then passed to the client's Send method. Finally, to stop the control from still sending its own message using the configured mail server without enabling SSL, the code calls e.Cancel = true. Since this code is the same for all three controls, you could create a helper method with this code so you only need to write it once.

This solution is not as convenient as an EnableSsl attribute on the network element in web.config would be, but it doesn't require a whole lot of code to make it work. In the code download that comes with this article, you find a sample page for each of the three Login controls that support sending mail.

Download Files

Source Code for this Article

Where to Next?

Wonder where to go next? You can post a comment on this article.

Doc ID 505
Full URL
Short cut
Written by Imar Spaanjaars
Date Posted 11/28/2009 20:54


Talk Back! Comment on Imar.Spaanjaars.Com

I am interested in what you have to say about this article. Feel free to post any comments, remarks or questions you may have about this article. The Talk Back feature is not meant for technical questions that are not directly related to this article. So, a post like "Hey, can you tell me how I can upload files to a MySQL database in PHP?" is likely to be removed. Also spam and unrealistic job offers will be deleted immediately.

When you post a comment, you have to provide your name and the comment. Your e-mail address is optional and you only need to provide it if you want me to contact you. It will not be displayed along with your comment. I got sick and tired of the comment spam I was receiving, so I have protected this page with a simple calculation exercise. This means that if you want to leave a comment, you'll need to complete the calculation before you hit the Post Comment button.

If you want to object to a comment made by another visitor, be sure to contact me and I'll look into it ASAP. Don't forget to mention the page link, or the Doc ID of the document.

(Plain text only; no HTML or code that looks like HTML or XML. In other words, don't use < and >. Also no links allowed.