How do I configure the PasswordRecovery object so that I can pull the password from the webservice rather than allowing direct access to the sql server database? Where does PasswordRecovery even do the sql for getting the users password from the database? All the examples I've found show the PasswordRecovery accessing the database via the web.config and another question: How do I configure a test server to access the Mail server via System.Net.Mail object?

I've configured my PasswordRecovery object exactly as it is configured here:

http://msdn.microsoft.com/en-us/library/t92zy5x0.aspx

Help anybody?

You can attach event handlers to the VerifyingUser/VerifyingAnswer events and handle this yourself.