Forums (Obsolete)

Member

Punt - 10/2/2013 8:35:52 AM

SendPasswordRequest - link not valid

I try to use the AuthenticationHelper.SendPasswordRequest method to reset a password with e-mail approval. But when I click the link in the e-mail to change the password the reset password page tells me the link is not valid.
When I try the same function from the logon page, the link in the mail is valid.

The link from the mail looks like this:
http://**********/ResetWachtwoord?hash=79c95a8814acedaa7132abbf38eef5ed19a6aad06f2027aec4e35f982d2404fc&datetime=02102013152727


Member	Punt - 10/2/2013 8:41:25 AM RE:SendPasswordRequest - link not valid The eventlog shows 'Message: Request identifier hasn't been found.'

Certified Developer 10

josha-bpstudios - 10/2/2013 10:24:23 AM

RE:SendPasswordRequest - link not valid

Have you changed your connection string? Or moved your solution from another server. It could be that the signature of the macros is wrong. Have you tried to resign your macros in the cmssitemanager? Just a suggestion.

I think this could help, but not 100% sure. If you try, make sure you back up your project first.

Otherwise, are you using the same method that the logon page is using?

Member

Punt - 10/3/2013 3:02:37 AM

RE:SendPasswordRequest - link not valid

I'v resigned the macros using the CMSHashStringSalt value from web.config, but still the hash validation failed. I use the same method as the logon page.

The only difference I see is the ResetPassword URL.
From my website it is: http://test.snelstart.nl/ResetWachtwoord?hash...
From my development machine: http://127.0.0.1:82/ResetWachtwoord?hash...


Member	Punt - 10/3/2013 3:38:55 AM RE:SendPasswordRequest - link not valid Problem solved. I had to add the CMSHashStringSalt key in the web.config of my project. Now everything is working fine ;-)

Kentico Legend

Brenden Kehren - 10/3/2013 8:26:02 AM

RE:SendPasswordRequest - link not valid

Punt wrote: I had to add the CMSHashStringSalt key in the web.config of my project. Now everything is working fine ;-)

So I've had this same problem with the link not being valid for quite a while. I do remember reading about resigning the macros and it sounded a bit risky especially with a site that uses macros very heavy and has over 400 pages. So when you resigned your macros you put the key in the web.config with a value and used that same value in the CMSSiteManager and no problems? Of course I'll have a backup, just a little nervous.


Member	Punt - 10/22/2013 1:37:21 AM RE:SendPasswordRequest - link not valid FroggEye, I didn't resign the macros, only added the salt key to the web.config.

Certified Developer 10

josha-bpstudios - 10/23/2013 1:39:31 PM

RE:SendPasswordRequest - link not valid

If you resign them, you don't have to input a new salt key, and it should generate the new hash based on your current connection string. Otherwise, if you want control over that, then you add create your own hash, place it in the web.config and then generate the new macro signature based on that hash. I have regenerated the macro signatures before without specifying a new salt and it has worked.

This is my best guess...

Kentico Legend

Brenden Kehren - 10/24/2013 9:20:36 AM

RE:SendPasswordRequest - link not valid

josha-bpstudios wrote: If you resign them, you don't have to input a new salt key, and it should generate the new hash based on your current connection string. Otherwise, if you want control over that, then you add create your own hash, place it in the web.config and then generate the new macro signature based on that hash. I have regenerated the macro signatures before without specifying a new salt and it has worked.

You are correct. However, how many websites have you built where you've never changed the connection string? I can count on one hand without using any fingers. So although the connection string is a good key to use, its probably not the most functional. So having control over that key is a great feature and I'd suggest making it a best practice to use the key in the future.