Enabling Email and Password Reset in Sitefinity

Jun 20, 2017

One of the common requests I get when working on various Sitefinity projects is to enable a feature in the Sitefinity backend that, by all appearances, is already on by default. I am talking, of course, about the ability for a site administrator to reset a Sitefinity user’s password from the backend, which reveals the password to the administrator (should they wish to notify the user personally) and also send an email to the user whose password was changed. While the UI is there out of the box and Sitefinity lets you attempt a password reset, in actuality nothing will happen until you configure Sitefinity properly for it. This post outlines the steps you have to take in order to enable this functionality. And, as a consequence of setting up password reset, we’ll also walk through initial email configuration and getting that up and running as well.

Appearances can be Deceiving

In a brand new Sitefinity 9.2 project (9.2.6200 to be exact), I created a sample user “Bob” and set his initial password to “stars12.” Then I went back into this user’s edit screen, and attempted to select the “Reset password” button on the right. Ideally this would work straight out of the box. But let’s see what happens:


The button disappears a moment, then flashes back. Did it work? Nope! Bob is still able to log in with his old password. Unfortunately, Sitefinity gives no indication that the password reset attempt failed. Even the XHR (AJAX) request it makes to the MembershipSettings service returns HTTP 200 OK. The error log is still empty. As far as the application is concerned, no errors occurred and everything is fine.

Despite all evidence to the contrary, the password reset request did not go through. A successful password reset would look like the following, revealing the new password to the administrator:


If you see the above when you attempt a password reset, then your site is already configured properly. If not, continue reading!

Enabling Password Reset in Membership Provider Settings

Head over to Administration, Settings, then click “Advanced Settings” and then “Security.” (You can get there quicker by going straight to, where “” is your real Sitefinity site.) From there, expand “Membership Providers”, then expand “Default” on the left side. Click the “enablePasswordReset” parameter and change its value from “false” to “true” then click “Save changes.” As you can see, this feature is, in fact, disabled by default!


In addition, you have to set the “recoveryMailAddress” parameter, as this is also unset by default. Set it to any email address that you wish to appear in the “From” field of the email that is sent to notify the user. Optionally, you may also modify the “recoveryMailSubject” and “recoveryMailBody” parameters here, to customize the password reset email further. But they have defaults that will work out of the box.

Configure Email Settings

At this stage, Password Reset still will not function. If your site’s email settings are not configured, Sitefinity won’t attempt a password reset, as there are no means for Sitefinity to send the reset email out. There are several locations within Sitefinity settings to configure email, but thankfully this feature uses the most logical one: SMTP Settings.

While in Advanced Settings, navigate to System, then SMTP (Email Settings). This offers the ability to add or change any settings related to your site’s SMTP server. This naturally varies from server to server, whether you need credentials, SSL enabled, different host, etc.

In my example I am running a free nifty little program called smtp4dev. This program just tosses up a little email-catcher in your system tray, listening on port 25 for emails sent to localhost. It’s lightweight and perfect for local email testing scenarios.


Back in settings, at minimum you have to specify the Host property and the DefaultSenderEmailAddress property. For the host I’m specifying “localhost”, and for the address (also used as the “from” field in Sitefinity) I’m using the same value that I did for the recoveryMailAddress parameter we set earlier. We have to set the default address even though we’re not using it in this instance, otherwise Sitefinity won’t consider email to be set up, and won’t work.

After making these changes, click “Save changes” as before. Then restart your site to ensure that the configuration is properly refreshed.

Working Example

Now that we’ve properly configured Sitefinity and have restarted our application, we should now be able to reset Bob’s password. Here it is in action:

And here’s the email that Bob got. Note the various email fields (From, To) and how the password is available to the user post-password reset.

After the password email and change is done, Bob is now able to login using his newly-generated password, and his old password of “stars12” is no longer valid.

Side Benefit

As a result of configuring all the settings for password reset, the site is now properly configured to send email through its default channels. A lot of Sitefinity functionality uses the same SMTP settings we set up. Others require further configuration, but having these basics up and running is a good head start in those scenarios.

Wrap Up

In general, if you find a feature in Sitefinity not behaving as expected, and the feature is tied in some way to email, you’ll want to verify that the functionality is enabled and that your site has email configured properly. As mentioned earlier, Sitefinity has multiple locations in settings where email is configured (Notifications is a good place to start looking, within Settings > Advanced). Other configurations is beyond the scope of this post, but I may touch upon getting other forms of email-based features working in future posts. Stay tuned!

Load more reviews
You've already submitted a review for this item

Copyright © 2020 Alain "Lino" Tadros
Using Sitefinity 13.0.7300