BoostSolutions Password Reset is a simple yet highly-featured web part that lets users reset their
password right on their SharePoint page without having to contact IT or administrator. Resetting a
password can be done right on the web part or through an email confirmation.
Please note: anonymous access must be activated to use Password Reset Web Part. (See the best practice)
2. Reset Password via Security Questions
a. Go to Central Administration > BoostSolutions Software > Password Reset Settings.
b. Once on Password Reset Settings page, click Create new password reset setting.
c. There are two kinds of Authentication Types – Windows Authentication and Form Based Authentication. Here we select Windows Authentication.
d. Setting up Windows Authentication Password Reset is quite simple and easy to understand. If all information is set up properly, you may Test the connection and see that it will confirm that it is valid. (See below)
e. Under Security Questions tab, configurate these settings.
In Enable Security Questions section, select the checkbox of Enable Reset Password via Security Questions, it means that resetting password involves answering security question(s).
In Basic Setting section, specify the maximum number of security questions user could define. The number must be between 1 and 3.
In Password Receive Type, select Display in web part, which means that users would receive their password reset code straight on the web part.
In Custom Security Questions, select the checkbox of User can define custom questions option. it means users can formulate their own password reset security question.
f. Then click OK to save above settings.
g. Open a site collection and login a user, there’s a popup on the corner right hand side of their web page constantly reminding the user to set his Password Reset preferences.
h. Click the Manage Password Reset Settings, and he/she will be directed to My Password Reset Settings page.
In Current Password section, type the password to confirm his identity. Password is compulsory or else it will not confirm your settings.
In Security Questions section, choose the security question and type the answer.
i. Click OK to confirm everything and My Password Reset settings is saved.
j. Add the Password Reset Web Part on home page.
k. On the Web Part, user must input her domain and username, and click Reset Password button.
l. A prompt would ask user how he/she wants to reset the password, because we just configure security question in central administration, here we select via a Security Question.
m. Upon clicking the radio button, a prompt would ask user to answer the security question he/she has previously set up.
n. Type the answers for the security question and click Next, a new password will be displayed and will prompt the user to sign in with the new password.
If you both configure Security Questions and E-mail Settings in Central Administration, a user can choose how to reset the password from two options like this:
It is important that you set up the Password Reset SMTP settings to make sure you are able to send emails with the new password.
a. Go to Central Administration > BoostSolutions Software > Password Reset Settings.
b. Once on Password Reset Settings page, click Create new password reset setting. Then select Windows Authentication.
c. Under the Authentication tab, configure the windows authentication and click Test to verify the connection.
d. Under E-mail Settings tab, configurate these settings.
In Reset Password via E-mail section, select the checkbox to let the user choose to reset his password via an email that contains a confirm link to reset his password.
In Alternative E-mail section, select the checkbox to let users input their alternative email just in case the default email is also locked out.
e. Then click OK to save above settings.
f. Open a site collection and login a user, click My Password Reset Settings.
g. Then he/she will be directed to My Password Reset Settings page.
In Current Password section, type the password to confirm his identity. Password is compulsory or else it will not confirm your settings.
In E-mail section, type an e-mail address which is used to reset password.
h. Click OK to confirm everything and My Password Reset settings is saved.
i. Add the Password Reset Web Part on home page.
j. On the Web Part, input the domain and username, and click Reset Password button.
k. A prompt would ask user how to reset the password, because we configure E-mail settings, here we select Via E-mail Address option.
l. After clicking the Via E-mail Address radio button, it will prompt user to confirm that the password reset be sent to the email, click Next and the new password will be sent to your email.
m. Open the confirmation email, and click the confirmation link.
n. Then the new password will be shown on the page as following.
If you both configure Security Questions and E-mail Settings in Central Administration, a user can choose how to reset the password from two options like this:
4. Best Practice to Use the Password Reset
Note:The environment in this example is based on Windows Server 2008 R2, SharePoint 2016, IIS 7.5 and BoostSolutions Password Reset 1.3.
Password Reset Web Part is designed to reset password if users forgot their password or their password are expired. But in general, users who don't know the password cannot login the SharePoint site even though the Password Reset web part is added in a SharePoint page. The big challenge is that the SharePoint web sites don't allow anonymous access by default.
4.2. SharePoint Anonymous Access
Note: We didn't configure following settings automatically in our product because it will change the security settings. Please make sure you understand the meaning of following operation.
In order to access the web page for the users which don't know their password, you have to enable the SharePoint anonymous access, and by default it is closed for security reason. SharePoint supports anonymous access control in different level. And Farm administrator, site administrator and list administrator could decide if enable the anonymous access in the web application, site and list level. And you can only make the anonymous user access the Password Reset page to protect your data which stored in the SharePoint.
4.3. Make the BoostSolutions Password Reset Accessible
4.3.1. Configure the SharePoint Anonymous Access
a. Enter the Web Application Management page through Central Administration > Application Management > Manage web applications.
b. Click the web application which needs the password reset in the web application list and click the Authentication Providers ribbon button to enter the Authentication Providers setting page.
c. Click the Zone which the password reset will work in (In general, it's the Default) and enter the Edit Authentication page.
d. Check the checkbox in the Enable anonymous access to enable it.
e. Enter the SharePoint site which need the password reset, and enter the Site permissions page.
f. Click the Anonymous Access ribbon button to open the anonymous access settings.
g. Check the Lists and Libraries options and click OK.
4.3.2. BoostSolutions Password Reset Page
BoostSolutions Password Reset supplies a special page in the product folder, which contains a password
reset. You can access the page through
http://<siteurl>/_layouts/SharePointBoost.PasswordReset.PL/AnonymousWebpartPage.aspx
You can send this link to your users when they need to reset password.
BoostSolutions default Password Reset page only contains the Password Reset control to reset password. It maybe cannot fit you SharePoint theme. It's written by the standard aspx Page and you can customize it though any editor.
Besides, you can also add our Password Reset Web Part to a custom Web Part page, and enable anonymous access for this page. You can use this page as your password reset page.
4.3.3. Use the 401 Error Page to Redirect Automatically (optional)
If you configure the 401 redirect settings in the web.config file in a site, users which login failed will be redirected to the password reset page automatically.
a. Run the IIS Manager via Start > Administrative Tools > Internet Information Services (IIS) Manager Right click the site (It maps to a SharePoint Web Application) in the site tree and click Explore to open root folder of this site.
b. Create a loginfailed.html in this folder and add a link to the password reset page. (click here to download loginfailed.zip ).
c. Use any xml editor or text editor to open the web.config file. (Before doing this, you'd better make a copy for it).
d. Use the search tool to find the httpErrors node. And change it as following image. You can replace the path to any web page you want to redirect to.
If you cannot find the httpErrors node, please add above codes in web.config file.
e. Save the web.config file and close the editor.
f. Enter your SharePoint site, if your login failed, you will be redirect to loginfailed.html.
g. To reset the password, click Click here link. Then you will be redirected to Password Reset page as following.
h. Enter the user name and click Reset Password button, then you can reset the password.
