Forgot Password - Technical Information

eWeb contains a Forgot Password feature. This page explains the various details of the feature.

A user is asked to enter their e-mail address. If the system finds a unique match, then an email based on a template is sent to that email address. The email contains a link to the Change Password page with a token that expires in 15 minutes. If the user opens the email and clicks the link within 15 minutes, then the user is able to reset their password and log in. If the user clicks an old link that does not contain a token, or if the token is expired, the user is not able to reset their password.

If there is no email match, then an error message appears telling the user to contact the association. If multiple customers are found with the email address entered, then a different error message appears telling the user to contact the association; this is done because netFORUM cannot know which customer is the one to use.

The page for this feature is in the Access ControlWeb Section of the baseline eWeb site and has a WebCode called forgotpassword.

Page Flow

The flow chart below illustrates the forgot password functionality.

Forgot Password - Technical Information page flow


Template

You must setup a Correspondence Template. The user who uses the Forgot Password feature will get an email based on this template. Baseline netFORUM ships with a template that can be used; the template code is ForgotPassword. Be sure to correct the URL is embedded in the template. The default text in the template is:

{template:Baseline_Template_Header}
<p>Dear {cst_name_cp},</p>
<p>We have received your password request. The link below is good for one use and will expire 15 minutes after it is issued. Please follow the link below within 15 minutes to reset your passwordrd:<br />
<a href="http://{HttpServerNameBasePath}/eweb/ForgotPassword.aspx&key1={cst_key}&key2={cst_temp_password_token}">click here</a></p>
<p>If you did not make this request, please <a href="mailto:">contact us</a> immediately.</p>

If this template does not exist, then add it and call it ForgotPassword, or add a new one and be sure to change the /eweb/web.config configuration setting as described below.

Configuration Settings

The following line in the eWeb web.config file hides the Forgot your password? hyperlink on the login page, if value is set to True:

<add   key="forgotPassword"   value="false"/>

System uses the value to send instructions in a Correspondence Template to user after Password change process is initiated:

<add   key="ForgotPasswordTemplateCode"   value="baseline_forgot_password"/>

FAQ

Q. Will this feature work for an eWeb User if there is more than one user with the same user name?

A. No. When this feature checks the user name entered by the user, if more than one account is found, then the process cannot continue because netFORUM cannot know which customer to choose. The user is shown a message saying "Please call..."

Q. netFORUM does not send the forgot password email when users select the forgot password link. How can this be resolved?

A. Check to see if the system option EmailNotifyFrom is populated. This system option needs to be populated in order for the forgot password email to be sent.

Q. What happens if the user allows the token to expire?

A. The user is unable to reach the Change Password page, the user is redirected to an error page and then to the home page.