Home | Blog | Web Development | Why Isn’t Sitefinity Sending Password Reset Emails?

Why Isn’t Sitefinity Sending Password Reset Emails?

Sep 7, 2016, 13:52 PM | Published under Web Development by Steven Yashur

You’ve got your shiny new Sitefinity site up and running, everything’s humming along smoothly, and then an admin forgets their password. They’ve tried using the password reset on Sitefinity’s login page, they’ve had another admin trigger the reset for them, and they’re still not getting a password reset email.

So, what’s the deal?

Well, here’s the trick:

In Sitefinity, password reset doesn’t work on its own right away. You have to configure the SMTP settings and the password recovery link first.

  1. In the Sitefinity backend, go to Administration -> Settings -> Advanced -> System -> SMTP (Email Settings)
  2. These fields need to be filled in:
    1. Host: smtp.whereyouremailcomesfrom.com
    2. DefaultSenderEmailAddress: [email protected] -- it doesn’t have to be a real email address so long as the domain name matches the one on the site.
  3. These fields should already be filled in by default but here they are just in case:
    1. Port: 25
    2. DeliveryMethod: Network
    3. Timeout: 100000
    4. EmailSubjectEncoding: utf-8
    5. EmailBodyEncoding: utf-8
  4. Leave the other fields blank
  5. Save the changes
  6. In the list on the left, go to Security -> Membership Providers -> Default -> Parameters
  7. Set recoveryMailAddress to [email protected] -- again, it doesn’t have to be a real email address, but the domain name should match the one on the site.
  8. Set enablePasswordReset to true*
  9. Save the changes
  10. Restart the application (either via IIS or by touching web.config)

* There’s another parameter, enablePasswordRetrieval, that allows Sitefinity to retrieve the user’s original password and send it to them. You probably don’t want to do that. If you do want to do that, you’ll have to (a) set enablePasswordReset to false and (b) set passwordFormat to either Encrypted or Clear. Using clear password format stores the passwords in plaintext and is also a bad idea.


About the Author

Steve is Infront's longest-serving employee and has over seventeen years of experience in System Administration and Network Administration. For the last fourteen years, he's worked in internet web application development focused on ASP, Ruby on Rails and Javascript as well as RDBMS (Microsoft SQL Server, Postgres and MySQL).

Load more comments
Thank you for the comment! Your comment must be approved first
website user
New code

Best SEO Company -10 SEO's