Reset Password

Eric Garrison asked on January 6, 2015 04:10

In Kentico 8.1, is there a way to make it so the Reset Password in the /CMSDESK works like the Forgot Password link. For security reasons, we would rather not have it email a generated password but to send the Change Password link. The reason is, when you do Generate Password, it creates a new password, but the user is not required to change the password on first login, like the Forgotten Password link does.

site security password authentication

Correct Answer

Brenden Kehren answered on January 6, 2015 16:16

Eric,

You'd have to physically change the action taken on that User password page in the Site Manager because the action is physically changing the password, which is why it sends the actual password to the user and not a link. The link triggers them to reset it, that button click has already reset it. Take a look at the physical file that does that work here: /CMSModules/Membership/Pages/Users/User_Edit_Password.aspx.

You could create your own version of it and have an additional button or refactor that other button and have it do what you want. In fact, you could create a webpart that does this now with v8 and simply change the UI structure in the User app/module to use a standard page template with your webpart.

0 votesVote for this answer Unmark Correct answer

Recent Answers

Reza Zareian Fard answered on January 6, 2015 07:06

Have a look at this article: https://docs.kentico.com/display/K8/Forgotten+password

0 votesVote for this answer Mark as a Correct answer

Eric Garrison answered on January 6, 2015 14:21

Reza - thank you for the link. That is how I have the site configured and the front end is working that way. My issue is with the Customer Service people who will use CMSdesk to administer the users. The CMSdesk is password reset sends email with a new password. It then stays their password. I can live with it sending, if the password must be reset. For security, I cannot have passwords sitting in email boxes. Kentico addressed this on the front end, but not with the admins.

0 votesVote for this answer Mark as a Correct answer

Eric Garrison answered on January 6, 2015 16:03

Here is where my issue comes from. If I take the Global password reset template that has: Your password has been changed.

Your user name and new password are:

User name: {%TrimSitePrefix(UserName)%}
Password: {%Password%}

If I change the {%Password%} token to {% ResetPasswordURL %}, the Link is blank when Admins initiate the reset.  The mail has `<a data-cke-saved-href="" href="">this link</a>`

0 votesVote for this answer Mark as a Correct answer

Eric Garrison answered on January 6, 2015 22:54

We ended up altering the /CMSModules/Membership/Pages/Users/User_Edit_Password.aspx and the code behind. Took out the feature to email password. It didn't replicate the feature of the front end, but kept CSR's from being able to initiate an email with the password. Thanks for the assistance.

0 votesVote for this answer Mark as a Correct answer

Brenden Kehren answered on January 7, 2015 13:41

Good to hear Eric. Remember modifying the base files like that isn't recommended and know you will receive an error when you perform a hotfix or upgrade.

0 votesVote for this answer Mark as a Correct answer