Don't do it.
Instead, if he looses his password, set it to a random value, and email him that new, random value.
That way, if this is an intrusion attempt, he needs access to the original email address the account was registered with, and the original owner is aware that his password has changed.
Systems should never store readable passwords: there is a tip here that gives the basics of what to do:
Password Storage: How to do it.[
^]
There is also a generic email routine here:
Sending an Email in C# with or without attachments: generic routine.[
^]