Set password requirements

Configure password requirements

You setup the requirements for a user password, how passwords are stored, and how passwords are delivered via Sitefinity CMS settings. To setup password requirements for the users of your website, perform the following:

  1. In the main menu, click Administration » Settings.
    The Basic Settings page appears.
  2. Click Advanced.
    The Settings page appears.
  3. In left menu click Security » Membership Providers.
  4. Click the provider that you want to configure and then click Parameters. All parameters appear.
  5. Choose the format in which passwords are saved, click passwordFormat property on the left.
    In Value input field, enter one of the following:
    • Clear
      Passwords are not encrypted.
    • Hashed
      Passwords are encrypted one-way using a hashing algorithm.
    • Encrypted
      Passwords are encrypted.
  6. Save your changes.
  7. To setup the password format requirements, you can use the following parameters:
  8. Restart the application.

Configure password reset

You can enable users to reset their passwords in case they forgot them. Users receive an email message with a new password.

PREREQUISITES: To enable Sitefinity CMS to send e-mails, you must have configured the SMTP settings. For more information, see Configure email settings

  1. Navigate to Security » Membership Providers » Default (or any applicable provider) » Parameters.
  2. To enable or disable users to reset their password, click enablePasswordReset.
  3. In the Value input field, enter true to enable or false to disable the users to reset their passwords.
  4. Click Save changes.
    By default, password recovery is disabled.
  5. Click recoveryMailAddress and in Value, enter the email that will appear when the new password is sent to the user.
  6. Click Save changes.
    By default, there is no value set as recovery email, if you do not set it, password recovery will not work.
  7. Click recoveryMailBody and, in case you do not want the username to appear together with the password, in the Value input field, delete <br />User Name: <%\s*UserName\s*%>.
  8. Click Save changes.
  9. Click recoveryMailSubject and in Value, enter the subject that is displayed when the new password is sent to the user.
  10. Click Save changes.
  11. Restart the application.

Configure password retrieval

When working with forms-based authentication, you can configure password retrieval, so that users who forgot their passwords can receive them in an email message.

NOTE: If you are working with claims-based authentication, you cannot configure password retrieval.

PREREQUISITES: To enable Sitefinity CMS to send e-mails, you must have configured the SMTP settings. For more information, see Administration: Configure SMTP settings.

To configure password retrieval:

  1. Navigate to Administration » Settings » User Authentication.
  2. Expand the dropdown menu and select Forms authentication (backward compatibility).
    Click Save changes.
  3. Click Advanced to proceed to the advanced settings.
  4. Navigate to Security » Membership Providers » Default (or any applicable provider) » Parameters.
  5. Setup the following parameters:
    • recoveryMailAddress
      Enter a valid email address that is used by Sitefinity CMS as the From: <email address> that is displayed in the password recovery email message. Save the changes.
      IMPORTANT: If you are using a custom membership provider inheriting from the ASP.NET membership provider (MembershipDataProvider class), the recoveryMailAddress is returned as String.Empty, indicating that the user password cannot be reset. To resolve this issue, specify recoveryMailAddress in the appSettings node in web.config:
      using System;
      using System.Configuration;
      using Telerik.Sitefinity.Security;
      using Telerik.Sitefinity.Utilities.TypeConverters;
      namespace SitefinityWebApp
      {
      public class ChangePassword
      {
      public void RecoverPasswordCustomMembershiProvider(string MembershipProviderName)
      {
      UserManager userManager = UserManager.GetManager();
      var recoveryMailAddress = userManager.RecoveryMailAddress;
      Type MembershipProvider = TypeResolutionService.ResolveType(MembershipProviderName);
      if (String.IsNullOrEmpty(recoveryMailAddress))
      {
      recoveryMailAddress = ConfigurationManager.AppSettings[MembershipProvider + "_RecoveryMailAddress"];
      if (String.IsNullOrEmpty(recoveryMailAddress))
      recoveryMailAddress = string.Empty;
      }
      }
      }
      }
    • enablePassword Retrieval
      Set the property to true.

      IMPORTANT: You must not set the enablePasswordRetrieval property to true when the enablePasswordReset is also set to true. The defaultpasswordFormat for the default membership provider is Hashed. Since hashed passwords cannot be retrieved, Sitefinity CMS has to reset the password and send a new one. If you want to retrieve the current password, you must set the passwordFormat to Encrypted or Clear.

  6. Restart the application.

Increase your Sitefinity skills by signing up for our free trainings. Get Sitefinity-certified at Progress Education Community to boost your credentials.

Get started with Integration Hub | Sitefinity Cloud | Sitefinity SaaS

This free lesson teaches administrators, marketers, and other business professionals how to use the Integration hub service to create automated workflows between Sitefinity and other business systems.

Web Security for Sitefinity Administrators

This free lesson teaches administrators the basics about protecting yor Sitefinity instance and its sites from external threats. Configure HTTPS, SSL, allow lists for trusted sites, and cookie security, among others.

Foundations of Sitefinity ASP.NET Core Development

The free on-demand video course teaches developers how to use Sitefinity .NET Core and leverage its decoupled architecture and new way of coding against the platform.

Was this article helpful?

Next article

User profiles