Configure the password recovery link
To configure the password recovery for your Sitefinity CMS application, perform the following:
- Log into the Sitefinity CMS backend.
- In the top menu, click Administration » Settings.
- Go to the Advanced settings by clicking the Advanced button.
- In the list on the left, click Security » Notifications.
- In the SenderProfile textbox, type the name of the notification profile you want to be used to send emails for the Authentication module. If you leave this field blank, the default notification profile is used. For more information about Sitefinity CMS notification profiles, see Administration: Configure notification profiles.
  NOTE: In Sitefinity CMS versions 11.2 and older, the password recovery functionality used the legacy system SMTP settings. In Sitefinity CMS versions 12.0 and later, all system modules use the Notification service instead. To preserve working email functionality after upgrading to Sitefinity CMS version 12.0 and later, a dedicated Notifications profile named SystemConfigSmtpSettingsMigrated is automatically created for you. The profile uses the same values as the legacy system SMTP settings and is configured by default for all modules that previously used the system SMTP settings.
- Click Save changes.
- In the list on the left, click Security » Membership Providers » Default (or any applicable provider) » Parameters.
- Set up the following parameters:
  - recoveryMailAddress: This is the mail address that appears as the sender when the user receives the password recovery mail.
    NOTE: This parameter is required.
  - recoveryMailBody
  - recoveryMailSubject
- Restart the application.
You are now able to successfully reset user passwords. A password reset email can now be sent to any user who requests a new password.
The enablePasswordReset and enablePasswordRetrieval parameters
There are two parameters that can be used to help the user with a forgotten password - enablePasswordReset and enablePasswordRetrieval.
NOTE: Set only one of these two parameters to true at a time. Read below to learn the differences between the two parameters:
- The parameter enablePasswordReset is the more general setting. When a user requests their password, a new password is generated and then sent to them.
- Setting enablePasswordRetrieval to true indicates that Sitefinity CMS must retrieve the original password and send it to the user. However, the default passwordFormat for the Default membership provider is Hashed. Because hashed passwords cannot be retrieved, Sitefinity CMS has to reset the password and send a new one. If you want to retrieve the current password, passwordFormat must be set to Encrypted or Clear.
  IMPORTANT: The Clear password format indicates that the passwords will be kept in plain text. For more information about password formats, read Set password requirements.
RECOMMENDATION: To increase the security of your site, we strongly recommend setting passwordFormat to Encrypted.
NOTE: You might need to recycle your application pool after changing the passwordFormat value for the change to take effect. In addition, note that this setting does not change the format of the current passwords.
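
The rules on this page (a required recoveryMailAddress, only one of the two parameters set to true, and retrieval falling back to a reset when the format is Hashed) can be checked before the application is restarted. The following Python check is an added example, not Sitefinity code; the function names, the dictionary of parameter values, and the sample values are assumptions, and it does not read the Sitefinity configuration itself.

```python
# Added example: audits one membership provider's parameters against the
# rules stated on this page. Function names and dict layout are assumptions.

KNOWN_FORMATS = ("hashed", "encrypted", "clear")  # formats named on the page


def _is_true(params, key):
    # Config values arrive as strings; a missing key is treated as false
    # (assumption made for this example).
    return str(params.get(key, "false")).strip().lower() == "true"


def audit_provider(params):
    """Return a list of (severity, message) findings for one provider."""
    findings = []
    reset = _is_true(params, "enablePasswordReset")
    retrieval = _is_true(params, "enablePasswordRetrieval")
    # Hashed is the default passwordFormat for the Default provider.
    fmt = str(params.get("passwordFormat", "Hashed")).strip().lower()

    if not str(params.get("recoveryMailAddress", "")).strip():
        findings.append(("error", "recoveryMailAddress is required"))
    if reset and retrieval:
        findings.append(("error", "enablePasswordReset and "
                         "enablePasswordRetrieval are both true; set only one"))
    if fmt not in KNOWN_FORMATS:
        findings.append(("error", "unrecognized passwordFormat: " + fmt))
    if retrieval and fmt == "hashed":
        findings.append(("info", "Hashed passwords cannot be retrieved; "
                         "the password is reset and a new one is sent"))
    if fmt == "clear":
        findings.append(("warn", "passwordFormat Clear keeps passwords "
                         "in plain text"))
    return findings


# Constructed sample values, not taken from a real site.
SAMPLE_OK = {"recoveryMailAddress": "noreply@example.com",
             "enablePasswordReset": "true", "enablePasswordRetrieval": "false",
             "passwordFormat": "Hashed"}
SAMPLE_BAD = {"recoveryMailAddress": "", "enablePasswordReset": "True",
              "enablePasswordRetrieval": "true", "passwordFormat": "Clear"}
SAMPLE_HASHED_RETRIEVAL = {"recoveryMailAddress": "noreply@example.com",
                           "enablePasswordRetrieval": "true"}

if __name__ == "__main__":
    for sample in (SAMPLE_OK, SAMPLE_BAD, SAMPLE_HASHED_RETRIEVAL):
        print(audit_provider(sample))
```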