Files to look at:

• Updater.cs (VB: Updater.vb)
• LogonActionParameters.cs (VB: LogonActionParameters.vb)
• ManageUsersOnLogonController.cs (VB: ManageUsersOnLogonController.vb)
• Module.cs (VB: Module.vb)

We'd like to announce that we've published an example demonstrating an alternative and more recommended solution to managing user authentication, registration and related tasks:
How to: Use Google, Facebook and Microsoft accounts in ASP.NET XAF applications (OAuth2 authentication demo)

Instead of creating and maintaining a quite complex custom-tailored implementation for managing users from the logon form, we recommend delegating these routine tasks to OAuth2 providers. For instance, Microsoft or Google provide Office 365 and G Suite services for managing users (e.g., register and delete users, reset forgotten passwords), documents, apps and other things within an organization using standard and familiar for business people means. Your XAF application will just smoothly integrate these OAuth2 providers into the logon form after adding some boilerplate code.

Your feedback on this implementation and the approach in general is welcome.
====================
Scenario
This example contains a reusable Security.Extensions module that provides a possible solution for the following scenarios:

Security - provide the capability to register a new user from the logon form
Security.Authentication - provide a "Forgot Password" feature

In order to use this module in your project, do the following:

1. Download and include the Security.Extensions module project into your XAF solution (as per MSDN) and rebuild it. This custom module contains Application Model settings (Model.DesignedDiffs.xafml) to layout custom Actions next to the logon form input fields (see the How to: Include an Action to a Detail View Layout  article for more details) as well as non-persistent data models for parameter screens (LogonActionParameters.cs) and finally a ViewController (ManageUsersOnLogonController.cs) for the logon DetailView that declares custom Actions and their behavior. The controller is registered via the XafApplication.CreateCustomLogonWindowControllers event in the ModuleBase descendant (Module.cs) along with other service logic.

2. Invoke the Module Designer for your platform-agnostic module and drag and drop the SecurityExtensionsModule from the Toolbox;

3. Add the following code into your platform-agnostic module class:

static YourPlatformAgnosticModuleName() {
    SecurityExtensionsModule.CreateSecuritySystemUser = Updater.CreateUser;
} 

where 'Updater.CreateUser' is your custom method that matches the following definition:

public delegate IAuthenticationStandardUser CreateSecuritySystemUser(IObjectSpace objectSpace, string userName, string email, string password, bool isAdministrator);

IMPORTANT NOTE
This module is currently ASP.NET only.