Description
Note:
This bug has been fixed at ArcGIS 9.3 Service Pack 1.
When a user recovers a password, the 'From:' address in the e-mail may be 'username@yourdomain.com', rather than the e-mail address set in the Manager security wizard. This occurs in both the Web Mapping Application, when the password is recovered from the Login.aspx page, and in the /ArcGIS/Security/PasswordRecovery.aspx page. This occurs only in ArcGIS Server for the Microsoft .NET Framework.
Cause
The 'From:' address in the ASPX page is overriding the correct e-mail address as set in the web.config file by Manager. The 'From:' address must be removed to allow the correct e-mail address to be used.
Workaround
The following edits will allow the 'From:' address set by Manager to be used when password recovery e-mails are sent.
Note:
In order for password recovery to be enabled, the security wizard must have been used in Manager to configure the password recovery settings.
See ArcGIS Server Help for more information on configuring password recovery.
- Use a text editor such as, Notepad or an IDE such as, Visual Studio to open the file C:\Inetpub\wwwroot\ArcGIS\security\PasswordManager.aspx. If Internet Information Server (IIS) or the ArcGIS Web application is installed in a different location, replace 'C:\Inetpub\wwwroot' in the above file path with the alternate location. If using Visual Studio, change the view to Source (markup) if necessary.
- In the .aspx page, find the following text and change it from:
<MailDefinition Subject="Information about your account" BodyFileName="~/PasswordRecoveryMail.txt" From="username@yourdomain.com">
</MailDefinition>
to:
<MailDefinition Subject="Information about your account" BodyFileName="~/PasswordRecoveryMail.txt">
</MailDefinition>
Save the file. - Repeat the previous two steps for the following files:
- C:\Inetpub\wwwroot\ArcGIS\Manager\Modules\Applications\Templates\mv_cs\Login.aspx
- C:\Inetpub\wwwroot\ArcGIS\Manager\Modules\Applications\Templates\mv_vb\Login.aspx
- For all Web Mapping Applications previously created and to which security has been or may be applied, apply the change to the Login.aspx page in those Web applications. These applications are typically folders in C:\Inetpub\wwwroot.