1) Prompt the the user to input his subscription mail.
You need to create a custom form - it could be just a TextBox with a button "Reset" Then you have to create a custom table in your database that has the following columns = userID, UserEmail, , TimeForReset, Clicked The TimeForReset will be used to set certain time that you should give to your user to reset his/her password - say 24 hours.
2) Send an email containing a One-time-use link (ResetForgottenPass.aspx?uniqueQueary).
Once the link is clicked you have to set Clicked to 1 in the databse ( this is boolean type variable - true/false). If the link is clicked again you have to check the value from the datatabase and redirect the user to another page.
Another option is adding column in the database with the current password of your user. The password should be hashed and appended as a querystring, so that this will not make any sence to the user. On the server once you recieve the request you can decript the current password and check whether it is the same as this one stored in the databse ( this means that the user has not reset the password). If the password is the same you will forward the reqest to your NewPassword/ConfirmeNewPassword form, otherwise to another page.
3) When the user click the link he will be redirected to the NewPassword/ConfirmeNewPassword form, so he will choose his own new password.
Here you can use ChangePassword method of ASP.NET MembershipUser class.
the Telerik team