Configure the password recovery link

To configure the password recovery for your Sitefinity CMS application, you must perform the following:

1. Log into the Sitefinity CMS backend.
2. In the menu at the upper part of the screen, click Administration » Settings.
3. Go to the Advanced settings, by clicking the Advanced button.
4. In the list on the left, click on Security » Notifications.
5. In the SenderProfile textbox type the name of the notification profile you want to be used to send emails for the Ecommerce module. If you do not fill in a name explicitly, the default notification profile is used. For more information about Sitefinity CMS notification profiles, see Administration: Configure notification profiles

   NOTE: If you have created your website with Sitefinity CMS version 11.2 or older, the password recovery functionality in these versions used the legacy system SMTP settings. In Sitefinity CMS versions 12.0 and later all system modules use Notification service instead. To preserve working email functionality, after upgrading to Sitefinity CMS version 12.0 or later, a dedicated Notifications profile, named SystemConfigSmtpSettingsMigrated has been automatically created for you. The profile uses the same values as the legacy system SMTP settings and is configured by default for all modules, that were using the system SMTP settings in older versions.

6. Click Save changes
7. In the list on the left, click on Security » Membership Providers » Default (or any applicable provider there) » Parameters.
8. Setup the following parameters:
   • recoveryMailAddress
     This is the mail address that will appear as sender when the user receives the password recovery mail.
     

     NOTE: This parameter is required. 

   • recoveryMailBody
   • recoveryMailSubject
9. Restart the application
   You are now able to successfully reset user passwords. A password reset email will be successfully sent to the user with a new password.

There are two parameters that can be used to help the user with a forgotten password - enablePasswordReset and enablePasswordRetrieval.

NOTE: Both parameters must not be set to true at the same time. You must use only one of them. Read on to learn the differences between the two parameters.

Setting enablePasswordReset is the more universal setting. When a user requests their password, a new password is generated, and then sent to them.

Setting enablePasswordRetrieval to true indicates that Sitefinity CMS must retrieve the original password and send it to the user. However the default passwordFormat for the Default membership provider is Hashed - the most secure one. Because hashed passwords cannot be retrieved, Sitefinity CMS has to reset the password and send a new one. If you want to retrieve the current password, passwordFormat must be set to Encrypted or Clear (CAUTION: Clear password format indicates that the passwords will be kept in plain text). For more information about password formats, read Administration: Set password requirements.

NOTE: Keep in mind that you might need to recycle your application pool after changing the passwordFormat value for the change to take effect, and also that this setting will not change the format of the current passwords.