You’ve got your shiny new Sitefinity site up and running, everything’s humming along smoothly, and then an admin forgets their password. They’ve tried using the password reset on Sitefinity’s login page, they’ve had another admin trigger the reset for them, and they’re still not getting a password reset email.
So, what’s the deal?
Well, here’s the trick:
In Sitefinity, password reset doesn’t work on its own right away. You have to configure the SMTP settings and the password recovery link first.
- In the Sitefinity backend, go to Administration -> Settings -> Advanced -> System -> SMTP (Email Settings)
- These fields need to be filled in:
- Host: smtp.whereyouremailcomesfrom.com
- DefaultSenderEmailAddress: [email protected] -- it doesn’t have to be a real email address so long as the domain name matches the one on the site.
- These fields should already be filled in by default but here they are just in case:
- Port: 25
- DeliveryMethod: Network
- Timeout: 100000
- EmailSubjectEncoding: utf-8
- EmailBodyEncoding: utf-8
- Leave the other fields blank
- Save the changes
- In the list on the left, go to Security -> Membership Providers -> Default -> Parameters
- Set recoveryMailAddress to [email protected] -- again, it doesn’t have to be a real email address, but the domain name should match the one on the site.
- Set enablePasswordReset to true*
- Save the changes
- Restart the application (either via IIS or by touching web.config)
* There’s another parameter, enablePasswordRetrieval, that allows Sitefinity to retrieve the user’s original password and send it to them. You probably don’t want to do that. If you do want to do that, you’ll have to (a) set enablePasswordReset to false and (b) set passwordFormat to either Encrypted or Clear. Using clear password format stores the passwords in plaintext and is also a bad idea.