Recover Your DotNetNuke Host Password

June 26, 2011

Categories: DotNetNuke

by Jonathan Sheely

Many times users will only have the portal admin account and not the host account which contains the highest level of permissions and allows for installing modules and overall portal maintenance.

One of the most common issues website owners have is they outsource the setup and maintenance of their website then for one reason or another they need to bring in another developer and the first thing that developer will ask is: “What is your HOST password?”.

If you don’t have the answer to that question don’t worry there are a few ways to recover this password. The long way is to find a user whos password you do know replace the encrypted password and salt key of the host user with the user you do know. That works fine and is useful and all but requires a firm understanding of using SQL and the inner workings of DNN. But there is a better way.

Forgot Password system will not work.

DotNetNuke for security reasons will not return a password in the forgot password system when sending emails to the host user accounts.

I have FTP access to my website.

If you have FTP access to your website you can recover your host password with a little bit of coding. Follow the steps below and we’ll create a webpage that will return your host password.

Create a new text file called RecoverPassword.aspx
Paste in the follow code:

    
          <%@ Page Language="C#" %>

          <script runat="server">

              void Page_Load(object sender, System.EventArgs e)

              {

                  DotNetNuke.Entities.Users.UserInfo uInfo = 

          DotNetNuke.Entities.Users.UserController.GetUserById(0, 1);

                  if (uInfo != null)

                  {

                      string password = 

          DotNetNuke.Entities.Users.UserController.GetPassword(ref uInfo, String.Empty);

                      Response.Write("Password: " + password);

                  }

                  else

                  {

                      Response.Write("UserInfo object is null");

                  }

              }

          </script>

          <html>

              <head>

                  <title>Recover Password</title>

              </head>

              <body>

              </body>

          </html>

          view raw
          file1.cs
          This Gist brought to you by GitHub.

Now upload the file to the root of your DotNetNuke installation and visit the page.
Copy the password and REMEMBER to delete this page IMMEDIETELY so you don’t forget and your host password is exposed.

Slight variations to this script can be made if the developer removed the default host user account or you simply want to retrieve the password for another user.

Olwethu

February 12, 2013 at 5:16 am

Worked like a charm

Thomas Nichols

April 11, 2013 at 8:02 am

Thanks! This worked perfectly and was needed because the password retrieval didn’t work. The email is never sent. Perhaps because I am running the web site on my own WIndows 8 platform on a DHCP Time Warner Cable IP.

dstjohnjr

April 25, 2013 at 3:42 pm

What version does this work for? I verify it works on a 5.1 version. However, I have a pretty old (maybe 4.x) install of DNN and got the following error:

Compiler Error Message: CS0117: ‘DotNetNuke.Entities.Users.UserController’ does not contain a definition for ‘GetUserById’

Source Error:

Line 4: {
Line 5: DotNetNuke.Entities.Users.UserInfo uInfo =
Line 6: DotNetNuke.Entities.Users.UserController.GetUserById(0, 1);
Line 7:
Line 8: if (uInfo != null)

Any help is greatly appreciated!

April 25, 2013 at 3:45 pm

Ok, I just verified my version in the database. It is DNN 4.3.3, which this method does not work on.

admin

April 25, 2013 at 8:54 pm

This script is fairly simple. Line 6 just calls the UserController to get the user by id. In DNN 4.3.3 that particular version may have a different signature then it does today or have a different name.

I’ve been meaning to update this script in order to handle more use cases. Perhaps I will look into that now.

But in the mean time for DNN version 4.3.3 you can change line 6 to use DotNetNuke.Entities.Users.UserController.GetUser(0,1,false); or GetUserByName(0,”host”,false);

April 25, 2013 at 10:18 pm

Awesome! It worked! My password was “host”! Really??? Ok, so it was one of my first DNN installs afterall so, yeah, that makes sense, right? Thanks so much for your help! You’re a lifesaver!

GMcGee

May 12, 2013 at 9:34 pm

Worked! Thanks so much for posting this help…!