To configure the password recovery for your Sitefinity CMS application, you must perform the following:
There are two parameters that can be used to help the user with a forgotten password -
enablePasswordReset and enablePasswordRetrieval.
NOTE: Both parameters must not be set to true at the same time. You must use only one of them. Read on to learn the differences between the two parameters.
Setting enablePasswordReset is the more universal setting. When a user requests their password, a new password is generated, and then sent to them.
Setting enablePasswordRetrieval to true indicates that Sitefinity CMS must retrieve the original password and send it to the user. However the default passwordFormat for the Default membership provider is Hashed - the most secure one. Because hashed passwords cannot be retrieved, Sitefinity CMS has to reset the password and send a new one. If you want to retrieve the current password, passwordFormat must be set to Encrypted or Clear (CAUTION: Clear password format indicates that the passwords will be kept in plain text). For more information about password formats, read Administration: Set password requirements.
NOTE: Keep in mind that you might need to recycle your application pool after changing the passwordFormat value for the change to take effect, and also that this setting will not change the format of the current passwords.
Back To Top