Password Reset Email does not send Reset Link

Issue

When a user requests a password reset for their account, the system sends an email to the user with details on how to reset their password; however, the email contains neither a password nor a reset password link to action.

Environment

DNN 9.0 and above

For configuration of the Global Resources on DNN 8.0 and below, please refer to Edit Global Resource Content.

Root Cause

This issue is portal-specific and may have two related root causes:

If the email does not contain a reset password link

The Global Resources file, GlobalResources.resx, handles the behavior of the "EMAIL_PASSWORD_REMINDER_BODY.Text" which should correctly point to a Password reset link, for example:

Link to reset password: [Portal:PASSWORDREMINDERURL]?ctl=PasswordReset&resetToken=[Membership:PasswordResetToken]

However, if any portal-specific Global Resources files, such as GlobalResources.portal-1.resx or GlobalResources.portal-2.resx, have a different configuration (as the one seen below), then the portal-specific Global Resources files would take precedence on the system.

If the email does not contain a password

The "EMAIL_PASSWORD_REMINDER_BODY.Text" might be correctly pointing to a password, for example:

Password: [Membership:Password]

However, if the web.config file has been set to have password formats encrypted (as seen below):

<add name="AspNetSqlMembershipProvider" .... passwordFormat="Encrypted" ...>

Then the password value as clear-text cannot be successfully pulled as it has been encrypted and is unreadable; therefore, the email sends no value for this field.

Resolution

Modify the Global Resources file or any portal-specific instances to point to the same configuration. If a password reset link is needed, the correct configuration for both files under "EMAIL_PASSWORD_REMINDER_BODY.Text" should be:

Link to reset password: [Portal:PASSWORDREMINDERURL]?ctl=PasswordReset&amp;resetToken=[Membership:PasswordResetToken]

We strongly recommend not sending clear-text passwords and using a password reset link on this type of scenarios.

 

Related Articles

 

Article by: Ruben González G.

 

Comments

0 comments

Please sign in to leave a comment.