Configure the password recovery link
To configure the password recovery for your Sitefinity CMS application, perform the following:
- Log into the Sitefinity CMS backend.
- In the top menu, click Administration » Settings.
- Go to the Advanced settings by clicking the Advanced button.
- In the list on the left, click on Security » Notifications.
- In the SenderProfile textbox, type the name of the notification profile you want to be used to send emails for the security notifications. If you leave this field blank, the default notification profile is used. For more information about Sitefinity CMS notification profiles, see Configure notification profiles.
NOTE: In Sitefinity CMS versions 11.2 and older, the password recovery functionality used the legacy system SMTP settings. In Sitefinity CMS versions 12.0 and later, all system modules use the Notification service instead. To preserve a working email functionality after upgrading to Sitefinity CMS version 12.0 and later, a dedicated Notifications profile named SystemConfigSmtpSettingsMigrated is automatically created for you. The profile uses the same values as the legacy system SMTP settings and is configured by default for all modules that previously used the system SMTP settings.
- Click Save changes.
- In the list on the left, click on Security » Membership Providers » Default (or any applicable provider) » Parameters.
- Setup the following parameters:
- Restart the application.
You are now able to successfully reset user passwords. A password reset email can now be sent to any user who requests a new password.
The enablePasswordReset and enablePasswordRetrieval parameters
There are two parameters that can be used to help the user with a forgotten password -
NOTE: Set only one of these two parameters to true at the same time. You must use only one of either at any given time. Read below to learn the differences between the two parameters:
- The parameter
enablePasswordReset is the more general setting. When a user requests their password, a new password is generated and then sent to them.
NOTE: You might need to recycle your application pool after changing the
passwordFormat value for the change to take effect. In addition, note that this setting does not change the format of the current passwords.