Administration: Configure the password recovery link

To configure the password recovery for your Sitefinity CMS application, you must perform the following:

1. Log into the Sitefinity CMS backend.
2. In the menu at the upper part of the screen, click Administration » Settings.
3. Go to the Advanced settings, by clicking the Advanced button.
4. In the list on the left, click on System » SMTP (Email Settings)
5. Configure the correct SMTP server settings, and then save the changes.
   For more information about this, read Administration: Configure SMTP settings.
6. In the list on the left, click on Security » Membership Providers » Default (or any applicable provider there) » Parameters.
7. Setup the following parameters:
1. recoveryMailAddress
   Enter a valid email address. It will be used by Sitefinity CMS as the From: email address that will appear in the password recovery email message. Save the changes.
2. enablePasswordReset
   This parameter configures whether user passwords can be reset. Set it to true and save changes.
8. Restart the application
   You are now able to successfully reset user passwords. A password reset email will be successfully sent to the user with a new password.

There are two parameters that can be used to help the user with a forgotten password - enablePasswordReset and enablePasswordRetrieval.

NOTE: Both parameters must not be set to true at the same time. You must use only one of them. Read on to learn the differences between the two parameters.

Setting enablePasswordReset is the more universal setting. When a user requests their password, a new password is generated, and then sent to them.

Setting enablePasswordRetrieval to true indicates that Sitefinity CMS must retrieve the original password and send it to the user. However the default passwordFormat for the Default membership provider is Hashed - the most secure one. Because hashed passwords cannot be retrieved, Sitefinity CMS has to reset the password and send a new one. If you want to retrieve the current password, passwordFormat must be set to Encrypted or Clear (CAUTION: Clear password format indicates that the passwords will be kept in plain text). For more information about password formats, read Administration: Set password requirements.

NOTE: Keep in mind that you might need to recycle your application pool after changing the passwordFormat value for the change to take effect, and also that this setting will not change the format of the current passwords.