Configure the password recovery link

To configure the password recovery for your Sitefinity CMS application, perform the following:

  1. Log into the Sitefinity CMS backend.
  2. In the top menu, click Administration » Settings.
  3. Go to the Advanced settings by clicking the Advanced button.
  4. In the list on the left, click on Security » Notifications.
  5. In the SenderProfile textbox, type the name of the notification profile you want to be used to send emails for the Authentication module. If you leave this field blank, the default notification profile is used. For more information about Sitefinity CMS notification profiles, see Administration: Configure notification profiles.

    NOTE: In Sitefinity CMS versions 11.2 and older, the password recovery functionality used the legacy system SMTP settings. In Sitefinity CMS versions 12.0 and later, all system modules use the Notification service instead. To preserve a working email functionality after upgrading to Sitefinity CMS version 12.0 and later, a dedicated Notifications profile named SystemConfigSmtpSettingsMigrated is automatically created for you. The profile uses the same values as the legacy system SMTP settings and is configured by default for all modules that previously used the system SMTP settings.

  6. Click Save changes.
  7. In the list on the left, click on Security » Membership Providers » Default (or any applicable provider) » Parameters.
  8. Set up the following parameters:
    • recoveryMailAddress
      This is the mail address that appears as sender when the user receives the password recovery mail.

      NOTE: This parameter is required. 

    • recoveryMailBody
    • recoveryMailSubject
  9. Restart the application.
    You are now able to successfully reset user passwords. A password reset email can now be sent to any user who requests a new password.

The enablePasswordReset and enablePasswordRetrieval parameters

There are two parameters that can be used to help the user with a forgotten password - enablePasswordReset and enablePasswordRetrieval.

NOTE: Set only one of these two parameters to true at any given time. The differences between the two parameters are as follows:

  • The parameter enablePasswordReset is the more general setting. When a user requests their password, a new password is generated and then sent to them.
  • Setting enablePasswordRetrieval to true indicates that Sitefinity CMS must retrieve the original password and send it to the user. However, the default passwordFormat for the Default membership provider is Hashed. Because hashed passwords cannot be retrieved, Sitefinity CMS has to reset the password and send a new one. If you want to retrieve the current password, passwordFormat must be set to Encrypted or Clear.

    IMPORTANT: The Clear password format means that passwords are kept in plain text. For more information about password formats, read Set password requirements.

    RECOMMENDATION: To increase the security of your site, we strongly recommend setting passwordFormat to Encrypted.

NOTE: You might need to recycle your application pool after changing the passwordFormat value for the change to take effect. In addition, note that this setting does not change the format of the current passwords.
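
The parameter rules above, expressed as a configuration check. This is an added example, not Sitefinity code: the function name, the finding codes and the dictionary input are assumptions made for illustration, and the dictionary is a constructed stand-in, not Sitefinity's configuration file format.

```python
# Added example: audit one membership provider's parameters against the rules
# stated on this page. Parameter names come from the page; everything else
# (function name, finding codes, dict input) is hypothetical.

def _is_true(value):
    return str(value).strip().lower() == "true"

def audit_provider_params(params):
    """Return a list of (code, message) findings for one provider."""
    findings = []
    # Page: the Default provider's default passwordFormat is Hashed.
    fmt = str(params.get("passwordFormat") or "Hashed").strip().lower()
    # Assumption: a flag that is absent from the dict is treated as false.
    reset = _is_true(params.get("enablePasswordReset", "false"))
    retrieval = _is_true(params.get("enablePasswordRetrieval", "false"))

    if not str(params.get("recoveryMailAddress") or "").strip():
        findings.append(("MISSING_SENDER", "recoveryMailAddress is required"))
    if reset and retrieval:
        findings.append(("BOTH_ENABLED",
                         "set only one of enablePasswordReset / enablePasswordRetrieval to true"))
    if fmt not in ("hashed", "encrypted", "clear"):
        findings.append(("UNKNOWN_FORMAT", "unrecognised passwordFormat: " + fmt))
    if retrieval and fmt == "hashed":
        findings.append(("RETRIEVAL_FALLS_BACK",
                         "hashed passwords cannot be retrieved; a new password is sent instead"))
    if retrieval and fmt in ("encrypted", "clear"):
        findings.append(("PASSWORD_IN_EMAIL",
                         "the user's current password is retrieved and sent by email"))
    if fmt == "clear":
        findings.append(("PLAINTEXT_STORAGE", "passwords are kept in plain text"))
    return findings

def codes(params):
    """Convenience wrapper: only the finding codes, in order."""
    return [code for code, _ in audit_provider_params(params)]

if __name__ == "__main__":
    # Constructed sample values, not taken from a real site.
    samples = {
        "reset only": {"recoveryMailAddress": "noreply@example.com",
                       "enablePasswordReset": "true"},
        "both flags": {"enablePasswordReset": "true",
                       "enablePasswordRetrieval": "True"},
        "clear text": {"recoveryMailAddress": "noreply@example.com",
                       "enablePasswordRetrieval": "true", "passwordFormat": "Clear"},
    }
    for name, params in samples.items():
        print(name, "->", codes(params) or "no findings")
```

Because changing passwordFormat does not convert passwords that are already stored, a clean result describes the configuration only, not the format of existing credentials.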
