The purpose of this topic is to list frequently asked questions (FAQs) related to the Password Reset functionality in the Aptify Service-Oriented Architecture (SOA)

• What authentication methods are supported?
• How is the URL sent in the Notification Email generated?
• How Do I Enforce Additional Password Requirements?

• How Do I Include Additional Information in the Notification Email?

• What's the fastest way to get started?

What authentication methods are supported?

At this time only the Web User Authentication Provider supports password reset.  Out of the box, trusted and untrusted users cannot be reset using the mechanism described here.  It is possible to build out plugins to support this if this behavior is desired.

How is the URL sent in the Notification Email generated?

The default Password Reset Notifier reads the Authentication Provider attribute PasswordResetURL to get the base URL, and then appends the Token as a URL parameter.  Typically this attribute would be set to a page in your website that the user should navigate to to complete their reset request.  This page would be responsible for gathering the required information necessary for the call to Aptify.framework.utility.resetPassword().  The value of this page is set in web.config: 

How Do I Enforce Additional Password Requirements?

Using the Aptify.Security.Provider.dll assembly write a new class that extends PasswordRequirementValidatorBase.  If the password is not valid, return false and put an error message into the provided List.  Once the plugin is written and you have created a Password Requirement Plugin record for it, associate it with the appropriate Authentication Provider record.  

How Do I Include Additional Information in the Notification Email?

If the new information is static or dynamic and on the Web User entity, simply update the Message Template on the Password Reset Notifier being used by your Authentication Provider.  If you require other dynamic information in the email you will need to:

• Create an staging entity that captures the required information
• Create a new Password Reset Notifier record with a new .NET plugin class.  This new class should extend PasswordResetNotifierBase in the Aptify.Security.Provider.dll assembly.  In the NotifyUser method create the new staging entity record and the appropriate Message Run record to generate the notification.  Associate this Password Reset Notifier with your Authentication Provider record.

What's the fastest way to get started?

Assuming no new password requirements are required you can: 

1. Create a page in your website / application to initiate a password reset request.  This requires the web user userid and the email address associated with that userid.  This page calls Aptify.framework.utility.passwordResetRequest to initiate the request. 
2. Create a page to complete the password reset request.  This requires the web user userid, the new password and the token generated from the web request.  When the user navigates to this page, the token will be in a URL parameter named token. This page calls Aptify.framework.utility.passwordReset to change the password. 
3. Update SOA’s web.config.  Look for PasswordResetUR’ and change its value to be a URL to the page generated in step 2.  This is how the correct URL to the password reset page is generated for the notification email. 
4. Configure a Message System and ensure the Message Template Standard Web User Password Reset is using it.