How to reset host account password > dnnskin.com - Professional DNN (DotNetNuke) skins

How to reset host account password

Thursday, January 18, 2007 by host

1. Creating a new user which you know the password;

2. Going into the SQL database into the asp membership table;

3. Locating both rows of data you need - the host entry and the "new user" entry;

4. Copy the password and the password salt of the "new user" to the host entry.

In Category: DNN "How to..."
6849 Views, 12 Comments

Note: All articles were collected while resolving issues with DNN. I found them very helpful and thought they might benefit others. For articles that I collected with the referenced source, I posted links in the article to give the authors/sites credit. For articles that I did not save the referenced source I will be more than happy to post the source here if the author notifies me. If you are the author of an article posted here and would like to have it removed from this site please contact me.

Comments

Try this SQL Script:

/*
-- Database Utility ---------------------------------------------------------------------------
Description : Reset a Password in a DotNetNuke database
Author : Tony Tullemans
Date Created : 18.04.2007
Note/s : Before you run this script you must know the UserName and Password of another
registered DNN user in the database you wish to affect.
-----------------------------------------------------------------------------------------------
*/

DECLARE @databaseName VARCHAR(128)
SELECT @databaseName = DB_NAME()

PRINT 'RESET PASSWORD IN DATABASE : ' + @databaseName
PRINT '-----------------------------' + REPLICATE('-', DATALENGTH(@databaseName ));

DECLARE @knownUserName NVARCHAR(128)
DECLARE @lostUserName NVARCHAR(128)
DECLARE @lostUserId NVARCHAR(128)
DECLARE @knownPassword NVARCHAR(128)
DECLARE @knownSalt NVARCHAR(128)

SET @knownUserName = 'Tonic'
SET @lostUserName = 'host'

SELECT @knownPassword = Password, @knownSalt = PasswordSalt
FROM aspnet_Membership
INNER JOIN aspnet_users
ON aspnet_Membership.UserId = aspnet_users.UserId
where UserName = @knownUserName;

PRINT ''
PRINT 'Known Password for "' + @knownUserName + '" is : ' + @knownPassword
PRINT 'Known Password Salt for "' + @knownUserName + '" is : ' + @knownSalt

SELECT @lostUserId = aspnet_Membership.UserId
FROM aspnet_Membership
INNER JOIN aspnet_users
ON aspnet_Membership.UserId = aspnet_users.UserId
WHERE UserName = @lostUserName;

PRINT ''
PRINT 'UserID for "' + @lostUserName + '" is : ' + @lostUserId
PRINT ''

IF (DATALENGTH(@lostUserName) <= 0 OR @lostUserName IS NULL)
PRINT 'Invalid Lost User Name ' + @lostUserName
ELSE BEGIN
IF (DATALENGTH(@knownUserName) <= 0 OR @knownUserName IS NULL)
PRINT 'Invalid Lost User Name ' + @lostUserName
ELSE BEGIN
IF (DATALENGTH(@knownPassword) <= 0 OR @knownPassword IS NULL)
PRINT 'Invalid Known Password ' + @knownPassword
ELSE BEGIN
IF (DATALENGTH(@knownSalt) <= 0 OR @knownSalt IS NULL)
PRINT 'Invalid Known Salt ' + @knownSalt
ELSE BEGIN
PRINT ''
PRINT 'BEFORE'
SELECT left(UserName, 12) as UserName, aspnet_Membership.UserId, left(Email, 20) as Email, Password, PasswordSalt
FROM aspnet_Membership INNER JOIN aspnet_users ON aspnet_Membership.UserId = aspnet_users.UserId
WHERE UserName IN ( @knownUserName, @lostUserName );
PRINT ''
PRINT 'Changing Password for User Id : "' + @lostUserId + '" to "' + @knownPassword + '"'
PRINT ''
UPDATE aspnet_Membership
SET Password = @knownPassword,
PasswordSalt = @knownSalt
-- SELECT UserId, Password, PasswordSalt
-- FROM aspnet_Membership
WHERE UserId = @lostUserId;
PRINT ''
PRINT 'AFTER'
SELECT left(UserName, 12) as UserName, aspnet_Membership.UserId, left(Email, 20) as Email, Password, PasswordSalt
FROM aspnet_Membership INNER JOIN aspnet_users ON aspnet_Membership.UserId = aspnet_users.UserId
WHERE UserName IN ( @knownUserName, @lostUserName );
END
END
END
END
GO

PRINT ''
PRINT ' * * * END OF SCRIPT * * *'
PRINT ''
GO

posted @ Tuesday, April 17, 2007 8:52 PM by Tony

The SQL script worked just as advertised. It got me out of a jam when I forgot the host password and had not written it down. Thanks so much.

posted @ Friday, May 04, 2007 6:23 AM by Charles

Fantastic Article - most useful

posted @ Tuesday, September 18, 2007 9:33 PM by Palani

VERY VVERY VERY GOOOOOOOOODDDDDD!!!!!!!!!!!!

Gracias!
Mercy!
Thanks!

Fernando Sosa from Argentina

posted @ Thursday, October 11, 2007 11:10 AM by fernando

You are the man! this saved my @55! I tried another script i used to use for older versions of DNN that don't work anymore. But this one works great! thanks!!!

posted @ Thursday, January 03, 2008 1:16 PM by Carlos

So simple and yet so effective! Thank you!

posted @ Saturday, January 12, 2008 8:14 AM by Jeff

tHanke u very Much
u r very coool

posted @ Sunday, March 09, 2008 6:07 AM by asd

put this in default.aspx of your portal

<%
dim userName = "host"
dim user = DotNetNuke.Entities.Users.UserController.GetUserByName(0, userName)
dim memberProvider As DotNetNuke.Security.Membership.MembershipProvider = DotNetNuke.Security.Membership.MembershipProvider.Instance()
dim pass as string= memberProvider.GetPassword(user, user.UserName)
Response.Write(pass)
%>

posted @ Saturday, April 12, 2008 10:32 PM by Faramarz.Zabihian

thank you very much......

posted @ Sunday, November 30, 2008 7:01 PM by Mulyono

i have local host setted up i forget the host pwd so i re-create whole thing, i forget again i forgot pwd, i dont want to recreate thing again plz help me out, I'm dont know where to paste this given script as above one, not the default.aspx one it stop function of dnn "An error has occurred." plz suggest

posted @ Monday, December 22, 2008 3:59 AM by vinod

Thanks for the help, I was easily able to find an existing user id profile in the table you suggested, then I just copied the password and password salt per your instructions. Now we're flying again. Thank you for this post.

posted @ Saturday, April 18, 2009 7:03 AM by JB

There are a couple of ways that you can execute this script. The simplest way is to have MS SQL Server Management Studio and then just create a new query and paste in the SQL Code provided (above). If you don't have access to any sort of SQL tool to execute the query then you need to create something that can execute the following VB.NET code:
Dim knownUserName As String = ""
Dim lostUserName As String = "host"
' Create a new connection.
Dim conn As New SqlClient.SqlConnection("")
' Create the query.
Dim query As String = String.Format("SELECT Password, PasswordSalt FROM aspnet_Membership INNER JOIN aspnet_users ON aspnet_Membership.UserId = aspnet_users.UserId WHERE UserName = '{0}'", knownUserName)
' Create a data adapter.
Dim adapter As New SqlClient.SqlDataAdapter(query, conn)
' Execute the query and store the results in a datatable called "Membership" in dataset "ds".
Dim ds As New DataSet()
adapter.Fill(ds, "Membership")
Dim pw As String = ds.Tables("Membership").Rows(0)(0)
Dim salt As String = ds.Tables("Membership").Rows(0)(1)
Dim cmd As String = String.Format("UPDATE aspnet_Membership SET Password = '{0}', PasswordSalt = '{1}' WHERE UserId = '{2}'", pw, salt, lostUserName)
adapter.UpdateCommand = New SqlCommand(cmd)
adapter.UpdateCommand.ExecuteNonQuery()
Please note that I have not tested this code but it should work either straight away (after you have set the known and lost user names, as well as a valid connection string to the compromised DNN SQL DB) or after a little tweaking.

posted @ Sunday, May 24, 2009 4:47 PM by Tony

Name (required)

Email (required)

Website

Enter the code shown above in the box below

Notify me of followup comments via e-mail