Are there Custom ASP.NET Membership Providers for sale with added security?
For example, the ability to have multiple Questions/Answers that are randomly presented for Password reset, set number of login attempts, force password resets every 30 days, prevent duplicate passwords for new password for a certain period of time, etc.
I’ve recently updated my custom provider with some of your requested features. Unfortunately it’s not exactly for sale, but I did want to tell you that it wouldn’t be terribly difficult to do on your own.
The multiple question/answer feature and the force reset (password expiration) actually can be implemented using any provider because they’re not directly enforced by the provider. To enable Password Resets you could simply define a constant in your appSettings, i.e. “PasswordLifetimeInDays”. Then in your Login page simply override the Authenticate method and inspect the LastPasswordChange property of the MembershipUser. If their password has expired then redirect them to a ChangePassword page, otherwise log them in. Check out this article for a walkthrough of implementing this feature.
The pre-generated question scenario is also something that doesn’t really fit in as provider functionality. Although a third-party solution could contain this mechanism in a separate API, I suppose.
The SqlMembershipProvider already provides a way to set the number of login attempts via the MaxInvalidPasswordAttempts attribute.
Really, the duplicate passwords functionality is the only piece that truly belongs in the provider implementation as it requires an additional table to track the password history.
Let me know if you ever decide to implement this stuff on your own and I could offer some more guidance.
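The password-expiration check described in the answer, as an added example that is not the answerer's own code. It assumes a Web Forms page with an `<asp:Login>` control named `LoginControl` whose `OnAuthenticate` points at the handler, a `ChangePassword.aspx` page that asks for the username and current password again, and a 30-day fallback when the `PasswordLifetimeInDays` setting is missing; the date is read from the `MembershipUser.LastPasswordChangedDate` property.

```csharp
using System;
using System.Configuration;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;

// Code-behind for a hypothetical Login.aspx (page and control names are assumptions).
public partial class LoginPage : Page
{
    // Pure expiry rule, kept separate so it can be unit tested without ASP.NET.
    public static bool IsPasswordExpired(DateTime lastChangedUtc, int lifetimeDays, DateTime nowUtc)
    {
        return lifetimeDays > 0 && nowUtc > lastChangedUtc.AddDays(lifetimeDays);
    }

    // Handling Authenticate replaces the Login control's built-in ValidateUser call,
    // so this handler alone decides whether a forms-auth ticket is issued.
    protected void LoginControl_Authenticate(object sender, AuthenticateEventArgs e)
    {
        var login = (Login)sender;
        e.Authenticated = false; // fail closed on every early return below

        // Check credentials first: expiry state is only revealed to someone who
        // already knows the current password, and lockout counting still applies.
        if (!Membership.ValidateUser(login.UserName, login.Password))
            return;

        int lifetimeDays;
        if (!int.TryParse(ConfigurationManager.AppSettings["PasswordLifetimeInDays"], out lifetimeDays))
            lifetimeDays = 30; // assumed fallback when the setting is absent or malformed

        MembershipUser user = Membership.GetUser(login.UserName, false);
        if (user == null)
            return;

        // MembershipUser returns local time; compare in UTC to avoid DST edge cases.
        if (IsPasswordExpired(user.LastPasswordChangedDate.ToUniversalTime(), lifetimeDays, DateTime.UtcNow))
        {
            // No ticket is issued for an expired password. The change-password page
            // must verify the old password itself before accepting a new one.
            Response.Redirect("~/ChangePassword.aspx", false);
            Context.ApplicationInstance.CompleteRequest();
            return;
        }

        e.Authenticated = true; // Login control now sets the auth cookie and redirects
    }
}
```

Because the expired user is never authenticated, the change-password page cannot rely on `User.Identity`; the built-in `ChangePassword` control supports this case through its `DisplayUserName` property.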