Log-in - Forgot password

Posted by Community Admin on 03-Aug-2018 17:08

Log-in - Forgot password

All Replies

Posted by Community Admin on 04-Mar-2011 00:00

When I click on 'Forgot your Password?' on the login screen I get:

Or, ask an administrator to configure the system.

Details:SMTP settings are not set

Well I entered the STMP Settings in Administration - Settings - System - SMTP (Email Settings)

Should host, Port, UserName, Password, DefaultSenderEmailAdress not be enough?

Regards Markus

PS: UserInterface

UserName -> User Name
DefaultSenderEmailAddress -> Default Sender Email Adress
Gets or sets the name or IP of the host used for SMTP transactions -> Name or IP of the host used for SMTP transactions

Not everyone is a programmer -> should it be a bit more user friendly

Posted by Community Admin on 07-Mar-2011 00:00

Hello Markus Berchtold,

Thank you for contacting Telerik support.

These are settings intended for advanced users. As you may see the whole section is called Advanced.
There is a part of this section called Basic settings where we use more user friendly labels and their options are not so extended.


Best wishes,
Antoaneta
the Telerik team

Posted by Community Admin on 08-Mar-2011 00:00

Dear Antoaneta

WellThatsOneWayToLookAtIt. ButIAmSureYouDontLikeToReadLikeThisEvenIfYouAreAnAdvancedDeveloper.

I guess you get the message :-)

Furthermore I have set the DefaultSenderEmailAddress to : info@mydomain.com

The password reminder comes from noreply@passwordRecovery.com.

Is this supposed to be like this?

Where and how can you change that (langues and text of messages)

Markus

Posted by Community Admin on 08-Mar-2011 00:00

Hi Markus,

Of course, I get the message and I absolutely agree with you :)

To add an email for password recovery go to Settings>Advanced>Security>Membership providers>Default>Parameters>recoveryMailAddress (see the screenshot) where in the field Value you need to enter the email address you want to use for sending password recovery emails.
When this field (value) is left blank the system uses a default email address.

You can also modify the email subject and body from recoveryMailBody and recoveryMailSubject. These two options are below recoveryMailAddress.

Unfortunately we do not support localization for email subject or body. You can write the text for them in any language you want, but for every language version they will be the same.

All the best,
Antoaneta
the Telerik team

Posted by Community Admin on 14-Mar-2011 00:00

Hi

I has change appropriate fileds in Settings>Advanced>Security>Membership providers>Default>Parameters
but it not made any changes, I still receiving mail in below default format:

=====
Subject : Password
-------

Your password has been succesfully changed.

User Name: sgolik
Password: Cr9-?*一伀䤀䌀䔀㨀吀栀椀猀洀攀猀猀愀最攀洀愀礀挀漀渀琀愀椀渀 瀀爀椀瘀椀氀攀最攀搀漀爀漀琀栀攀爀眀椀猀攀挀漀渀昀椀搀攀渀琀椀愀氀 椀渀昀漀爀洀愀琀椀漀渀昀 礀漀甀 愀爀攀 渀漀琀 琀栀攀 椀渀琀攀渀搀攀搀 爀攀挀椀瀀椀攀渀琀 瀀氀攀愀猀攀 椀洀洀攀搀椀愀琀攀氀礀 愀搀瘀椀猀攀 琀栀攀猀攀渀搀攀爀 戀礀 爀攀瀀氀礀 攀洀愀椀氀 愀渀搀攀氀攀琀攀 琀栀攀洀攀猀猀愀最攀 愀渀 愀渀礀 愀琀琀愀挀栀洀攀渀琀猀 眀椀琀栀漀甀琀甀猀椀渀最挀漀瀀礀椀渀最漀爀搀椀猀挀氀漀猀椀渀最 琀栀攀挀漀渀琀攀渀琀猀⸀਀☀渀戀猀瀀☀渀戀猀瀀猀栀礀猀栀礀☀渀戀猀瀀☀渀戀猀瀀
=====

My Web.config

<membership defaultProvider="Default">
  <providers>
    <clear/>
    <add name="Default" type="Telerik.Sitefinity.Security.Data.SitefinityMembershipProvider, Telerik.Sitefinity"/>
  </providers>
</membership>

I see there my new password Cr9-?* but is not clear where from Japan letters come ?

Posted by Community Admin on 14-Mar-2011 00:00

Email in same format with Japan letters I also receiving when changing password from Sitefinity UI
Any idea what can be reason of above situation ?

Posted by Community Admin on 14-Mar-2011 00:00

Also I tried to use appropriate ASP control

01.<asp:PasswordRecovery ID="pwdRecovery" runat="server" MembershipProvider="Default"
02.    CssClass="password-recovery" onsendingmail="pwdRecovery_SendingMail">
03.    <MailDefinition BodyFileName="~/MailTemplates/PasswordRecovery.txt" IsBodyHtml="true" From="noreply@aginity.com" Subject="Password recovery at TMPDM Portal"></MailDefinition>
04.    <FailureTextStyle CssClass="failure-text" />
05.    <SuccessTextStyle CssClass="success-text" />
06.    <ValidatorTextStyle CssClass="validators" />
07.    <TitleTextStyle CssClass="title" />
08.    <TextBoxStyle CssClass="input-box" />
09.</asp:PasswordRecovery>

As result, email received but sitefinity password not changed, is there some additional steps needed to reset password  for custom  password recovery pages?

Posted by Community Admin on 18-Mar-2011 00:00

Hi Markus,

I am not able to replicate your issue locally. Could you please send me a screenshot with what you have in the Settings>Advanced so I can check the values there ?

Thanks you very much in advance,
Antoaneta
the Telerik team

Posted by Community Admin on 18-Mar-2011 00:00

Hi Markus ,

Just a quick follow up to your question: 

1. Have you checked your encoding settings? We recommend you to use Unicode (UTF 16).
2. Sitefinity is not fully compatible with ASP.NET membership.

Regards,
Antoaneta
the Telerik team

Posted by Community Admin on 21-Mar-2011 00:00

Encoding set to utf 8
Recovery email recognized well by gmail server, but as in text  format.
Also  Sitefinity still use old template(default), can't understand why, I changed below Parameters several times without any errors from Advanced Settings:

recoveryMailAddress    
recoveryMailBody   
recoveryMailSubject

Maybe there some additional place where from site core reading it ?

Mail headers:
MIME-Version: 1.0
From: noreply@passwordRecovery.com
To: segreyg+manager1@gmail.com
Date: 21 Mar 2011 09:41:43 -0500
Subject: Password
Content-Type: text/html; charset=utf-16
X-ASG-Orig-Subj: Password
Content-Transfer-Encoding: base64

Posted by Community Admin on 21-Mar-2011 00:00

I found source where that info stored, it is SecurityConfig.conf

1.<securityConfig>
2.        . . .
3.    <membershipProviders>
4.        <add recoveryMailAddress="noreply@company.com" recoveryMailBody="Test mail body.<br /><br />User Name: <%\s*UserName\s*%><br />Password: <%\s*Password\s*%>" recoveryMailSubject="Password recovery subject from config" name="Default" />
5.    </membershipProviders>
6.</securityConfig>

1.var conf = Config.Get<SecurityConfig>();
2.var myCustomSubject = conf.MembershipProviders[conf.DefaultBackendMembershipProvider].Parameters["recoveryMailSubject"]

Here for example myCustomSubject is equal to "Password recovery subject from config", but it not applied unfortunatly to received recovery email.
So here we have settings for membership provider with name Default which is not used by Sitefinity by unknown reason.

Telerik Admin:
2. Sitefinity is not fully compatible with ASP.NET membership.

It mean is not possible to create custom forgot password form and use
User user = UserManager.FindUser(userName);
string password = user.ResetPassword();
to email new password by SmtpClient ?!

Posted by Community Admin on 22-Mar-2011 00:00

Hi Markus Berchtold,

To give you some insight of how we actually do the whole process, here are a few parts of the Sitefinity code base:

private static string RecoverPasswordOfUserInternal(string username, string provider, string answer)
    string password = null;
  
    UserManager manager = UserManager.GetManager(provider);
    var user = manager.GetUser(username);
    // try to retrieve the current password if the config says we can
    if (manager.EnablePasswordRetrieval)
    
        try
        
            password = manager.GetPassword(username, answer);
        
        catch
    
    if (string.IsNullOrEmpty(password))
    
        if (manager.EnablePasswordReset)
        
            password = manager.ResetPassword(username, answer);
            manager.SaveChanges();
        
    
    if (!string.IsNullOrEmpty(password))
        SendPasswordMail(manager, user, password);
  
    return password;
        
  
private static void SendPasswordMail(UserManager manager, User user, string newPassword = null)
    var password = newPassword ?? user.Password;
    var message = EmailSender.CreatePasswordMail(manager.RecoveryMailAddress, user.Email, user.UserName, password, Res.Get<ErrorMessages>().PasswordRecoveryDefaultSubject, Res.Get<ErrorMessages>().PasswordRecoveryDefaultBody);
  
    EmailSender.Get().TrySend(message);
  
public static MailMessage CreatePasswordMail(string recoveryMail, string userMmail, string userName, string password, string subject, string body)
    MailMessage message = new MailMessage(recoveryMail, userMmail);
    message.IsBodyHtml = true;
    message.SubjectEncoding = Encoding.Unicode;
    message.BodyEncoding = Encoding.Unicode;
    message.Subject = subject;
  
    var messageBody = body;
    messageBody = messageBody.Replace(UserNameReplacementKEy, HttpUtility.HtmlEncode(userName));
    messageBody = messageBody.Replace(PasswordRecoveryReplacementKey, HttpUtility.HtmlEncode(password));
    message.Body = messageBody;
  
    return message;

We try to remove code like this from our codebase, but time limits and business priorities rarely leave us with enough time to clear everything. Please, log a PITS item, so that this issue gets higher priority.

The "gibberish" problem is that you are using utf-8, and not utf-16 (i.e. Encoding.Unicode). The problem with "parameters" not being used is that they are ignored, and messages from ErrorMessages are used instead. They, in theory, should be able to differ for different cultures if your site is multilingual, but you should send the email seperately for every culture.

In code, you would want to set Thread.CurrentUICulture to the appropriate culture, so that your language of choice is applied.

What we meant by saying that the membership Sitefinity uses is not quite compatible with asp.net's membership system is that Sitefinity does not integrate well with third-party software that uses regular asp.net membership. This is being worked on, and a fix should be available in the coming Qs or internal builds. Forms authentication, Membership and Roles APIs are not expected to work with Sitefinity. Instead, we have SecurityManager, RoleManager and UserManager. Do not hesitate to ask about those APIs if have problems. Since we are still in the process of writing documentation, any input would be appreciated.

Best wishes,
Dido
the Telerik team

Posted by Community Admin on 29-May-2012 00:00

Just to put things in perspective:
We're more than a year later, and this thing is still not open to localization (version 5.0.2080). Used to work fine in version 3.7, like a lot of other things that used to work just fine in 3.7.
We ended up writing our own control which can use a MailSubjecdt and MailBodyFile according to language.


This thread is closed