Password reset issue

kuntesh thakker asked on November 13, 2018 21:56

We are facing the below issues with password reset in Kentico, where users are sometimes not able to reset their passwords. We are using Kentico 11.

  1. Request identifier hasn’t been found. Sometimes users are facing the below issue. The user setting table has the NULL value against the hash key, and in the email the hash is sent properly.

https://www.screencast.com/t/mzk0ANbma

  2. The CSRF cookie was missing

https://www.screencast.com/t/Of18rVBV27Mq

Here are some tickets below for reference:

https://devnet.kentico.com/questions/password-reset-cancellation-records-in-event-log-as-an-error

https://devnet.kentico.com/questions/kentico-7-password-reset-issue

https://stackoverflow.com/questions/39032132/kentico-reset-password-control-validationfail

https://devnet.kentico.com/forums/f65/fp23/t39763/reset-password-errors

Recent Answers


Juraj Ondrus answered on November 14, 2018 10:32

Hi,
Isn't it possible that there is some filtering software checking the links in the emails? Certain types of web filtering software may interfere with password reset links. If an automatic tool accesses the password reset page before it is opened by the actual user's client, the password recovery request will be invalid. In this case, you need to add exceptions for this kind of email or not use password reset through emails.

What are the steps leading to this issue? This error is just to let you know that some form was submitted without the hidden cookie/token in the browser - a typical CSRF attack. So, maybe it is good that it was raised - but it depends on the steps leading to this error. In some cases it may prevent some forms from working correctly if the protection is not set properly.

0 votes
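
To check whether a link scanner is opening reset links before users do, the web server log can be grouped by reset token and checked for a first hit that came from a different client than later ones. This is an added example, not part of the answer above and not Kentico code; the `/reset-password` path, the `token` parameter name and the log lines are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime
from urllib.parse import parse_qs

RESET_PATH = "/reset-password"  # assumption: URL path of the reset page
TOKEN_PARAM = "token"           # assumption: query parameter carrying the hash

# Constructed sample, IIS W3C field order:
# date time c-ip cs-method cs-uri-stem cs-uri-query sc-status cs(User-Agent)
SAMPLE_LOG = """\
2018-11-14 09:00:02 203.0.113.10 GET /reset-password token=AAA111 200 MailScanner/1.0
2018-11-14 09:04:40 198.51.100.7 GET /reset-password token=AAA111 200 Mozilla/5.0+(Windows+NT+10.0)
2018-11-14 09:10:15 198.51.100.8 GET /reset-password token=BBB222 200 Mozilla/5.0+(Windows+NT+10.0)
2018-11-14 09:10:50 198.51.100.8 POST /reset-password token=BBB222 200 Mozilla/5.0+(Windows+NT+10.0)
2018-11-14 09:11:00 198.51.100.9 GET /home - 200 Mozilla/5.0+(Windows+NT+10.0)
"""

def parse_line(line):
    """Return (timestamp, (ip, user_agent), token) for a reset-page hit, else None."""
    fields = line.split()
    if line.startswith("#") or len(fields) < 8:
        return None  # header directive or malformed line
    date, time, ip, _method, stem, query, _status, agent = fields[:8]
    token = parse_qs(query).get(TOKEN_PARAM, [None])[0]
    if stem.lower() != RESET_PATH or token is None:
        return None
    when = datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S")
    return when, (ip, agent), token

def find_prefetched_tokens(log_text):
    """Map token -> (first client, later differing clients) for tokens whose
    first request came from a different IP/user agent than a later request."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed:
            when, client, token = parsed
            hits[token].append((when, client))
    suspicious = {}
    for token, entries in hits.items():
        entries.sort(key=lambda entry: entry[0])
        first = entries[0][1]
        others = sorted({client for _, client in entries[1:] if client != first})
        if others:
            suspicious[token] = (first, others)
    return suspicious
```

Behind a load balancer the `c-ip` field may hold the balancer's address, so compare on the forwarded client address if the log records it.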

kuntesh thakker answered on November 14, 2018 21:59

Hello,

In that case it should let me know about the invalid request, but users are not getting any errors during the reset process.

We have used a load balancer; can this cause the issue? https://docs.kentico.com/k10/configuring-kentico/optimizing-website-performance/setting-up-web-farms

Also, it looks like this is happening for imported users only. I have used the below code to import the users:

    // Build the user object from the current import row
    newUser = new UserInfo();
    newUser.UserName = usrNamee;
    newUser.FirstName = sanitizeDataToString(row["FirstName"]);
    newUser.LastName = sanitizeDataToString(row["LastName"]);
    newUser.FullName = sanitizeDataToString(row["FirstName"]) + " " + sanitizeDataToString(row["LastName"]);
    newUser.Email = cleanEmail;
    newUser.UserEnabled = true;
    newUser.SetValue("Language", "English");

    // Custom fields
    newUser.SetValue("Country", sanitizeDataToString(row["Country"]));
    newUser.SetValue("Address1", sanitizeDataToString(row["Address1"]));
    newUser.SetValue("Address2", sanitizeDataToString(row["Address2"]));
    newUser.SetValue("City", sanitizeDataToString(row["City"]));
    newUser.SetValue("State", sanitizeDataToString(row["State"]));
    newUser.SetValue("Zip", sanitizeDataToString(row["PostalCode"]));
    newUser.SetValue("OptedIn", true);

    // Save the user, then set the password and assign the user to the current site
    UserInfoProvider.SetUserInfo(newUser);
    userID = newUser.UserID;
    // The initial password is built from fixed strings and the user's email,
    // so it follows the same pattern for every imported user
    UserInfoProvider.SetPassword(newUser.UserName, "qwerty" + cleanEmail + "asd1123fgh");
    UserSiteInfoProvider.AddUserToSite(userID, CurrentSite.SiteID);

    if ((role != null) && (userID != null))
    {
        // Create new user role object
        UserRoleInfo userRole = new UserRoleInfo();

        // Set the properties
        userRole.UserID = userID;
        userRole.RoleID = role.RoleID;

        // Save the user role
        UserRoleInfoProvider.SetUserRoleInfo(userRole);
    }

Not sure if we are missing anything while importing the users.

0 votes