API
Version 7.x > API > SendPasswordRequest - link not valid View modes: 
User avatar
Member
Member
Punt - 10/2/2013 8:35:52 AM
   
SendPasswordRequest - link not valid
I try to use the AuthenticationHelper.SendPasswordRequest method to reset a password with e-mail approval. But when I click the link in the e-mail to change the password the reset password page tells me the link is not valid.
When I try the same function from the logon page, the link in the mail is valid.

The link from the mail looks like this:
http://**********/ResetWachtwoord?hash=79c95a8814acedaa7132abbf38eef5ed19a6aad06f2027aec4e35f982d2404fc&datetime=02102013152727

User avatar
Member
Member
Punt - 10/2/2013 8:41:25 AM
   
RE:SendPasswordRequest - link not valid
The eventlog shows 'Message: Request identifier hasn't been found.'

User avatar
Certified Developer 10
Certified Developer 10
josha-bpstudios - 10/2/2013 10:24:23 AM
   
RE:SendPasswordRequest - link not valid
Have you changed your connection string? Or moved your solution from another server. It could be that the signature of the macros is wrong. Have you tried to resign your macros in the cmssitemanager? Just a suggestion.

I think this could help, but not 100% sure. If you try, make sure you back up your project first.

Otherwise, are you using the same method that the logon page is using?

User avatar
Member
Member
Punt - 10/3/2013 3:02:37 AM
   
RE:SendPasswordRequest - link not valid
I'v resigned the macros using the CMSHashStringSalt value from web.config, but still the hash validation failed. I use the same method as the logon page.

The only difference I see is the ResetPassword URL.
From my website it is: http://test.snelstart.nl/ResetWachtwoord?hash...
From my development machine: http://127.0.0.1:82/ResetWachtwoord?hash...

User avatar
Member
Member
Punt - 10/3/2013 3:38:55 AM
   
RE:SendPasswordRequest - link not valid
Problem solved.

I had to add the CMSHashStringSalt key in the web.config of my project. Now everything is working fine ;-)

User avatar
Kentico MVP
Kentico MVP
Brenden Kehren - 10/3/2013 8:26:02 AM
   
RE:SendPasswordRequest - link not valid
Punt wrote: I had to add the CMSHashStringSalt key in the web.config of my project. Now everything is working fine ;-)
So I've had this same problem with the link not being valid for quite a while. I do remember reading about resigning the macros and it sounded a bit risky especially with a site that uses macros very heavy and has over 400 pages. So when you resigned your macros you put the key in the web.config with a value and used that same value in the CMSSiteManager and no problems? Of course I'll have a backup, just a little nervous.

User avatar
Member
Member
Punt - 10/22/2013 1:37:21 AM
   
RE:SendPasswordRequest - link not valid
FroggEye, I didn't resign the macros, only added the salt key to the web.config.

User avatar
Certified Developer 10
Certified Developer 10
josha-bpstudios - 10/23/2013 1:39:31 PM
   
RE:SendPasswordRequest - link not valid
If you resign them, you don't have to input a new salt key, and it should generate the new hash based on your current connection string. Otherwise, if you want control over that, then you add create your own hash, place it in the web.config and then generate the new macro signature based on that hash. I have regenerated the macro signatures before without specifying a new salt and it has worked.

This is my best guess...

User avatar
Kentico MVP
Kentico MVP
Brenden Kehren - 10/24/2013 9:20:36 AM
   
RE:SendPasswordRequest - link not valid
josha-bpstudios wrote: If you resign them, you don't have to input a new salt key, and it should generate the new hash based on your current connection string. Otherwise, if you want control over that, then you add create your own hash, place it in the web.config and then generate the new macro signature based on that hash. I have regenerated the macro signatures before without specifying a new salt and it has worked.
You are correct. However, how many websites have you built where you've never changed the connection string? I can count on one hand without using any fingers. So although the connection string is a good key to use, its probably not the most functional. So having control over that key is a great feature and I'd suggest making it a best practice to use the key in the future.