A former twenty something in technology

Recover Your DotNetNuke Host Password

Many times users will only have the portal admin account and not the host account which contains the highest level of permissions and allows for installing modules and overall portal maintenance. One of the most common issues website owners have is they outsource the setup and maintenance of their website then for one reason or another they need to bring in another developer and the first thing that developer will ask is: “What is your HOST password?”. If you don’t have the answer to that question don’t worry there are a few ways to recover this password. The long way is to find a user whos password you do know replace the encrypted password and salt key of the host user with the user you do know. That works fine and is useful and all but requires a firm understanding of using SQL and the inner workings of DNN. But there is a better way. Forgot Password system will not work. DotNetNuke for security reasons will not return a password in the forgot password system when sending emails to the host user accounts.   I have FTP access to my website. If you have FTP access to your website you can recover your host password with a little bit of coding. Follow the steps below and we’ll create a webpage that will return your host password.
  • Create a new text file called RecoverPassword.aspx
  • Paste in the follow code:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27
<%@ Page Language="C#" %>
<script runat="server">
void Page_Load(object sender, System.EventArgs e)
DotNetNuke.Entities.Users.UserInfo uInfo =
DotNetNuke.Entities.Users.UserController.GetUserById(0, 1);
if (uInfo != null)
string password =
DotNetNuke.Entities.Users.UserController.GetPassword(ref uInfo, String.Empty);
Response.Write("Password: " + password);
Response.Write("UserInfo object is null");
<title>Recover Password</title>
view raw file1.cs This Gist brought to you by GitHub.
  • Now upload the file to the root of your DotNetNuke installation and visit the page.
  • Copy the password and REMEMBER to delete this page IMMEDIETELY so you don’t forget and your host password is exposed.
Slight variations to this script can be made if the developer removed the default host user account or you simply want to retrieve the password for another user.

Worked like a charm

Hi, I tried to upload the RecoverPassword.aspx but I keep being told that I’m not allowed to upload .aspx files, it’s a “resticted file type”. If I use ftp it won’t display it I changed the name to .xml and that uploaded fine but doesn’t work.
Can you help?

Make sure you’re FTPing the file to the root directory of your dnn application (same folder your web.config is in).

Thanks! This worked perfectly and was needed because the password retrieval didn’t work. The email is never sent. Perhaps because I am running the web site on my own WIndows 8 platform on a DHCP Time Warner Cable IP.

What version does this work for? I verify it works on a 5.1 version. However, I have a pretty old (maybe 4.x) install of DNN and got the following error:

Compiler Error Message: CS0117: ‘DotNetNuke.Entities.Users.UserController’ does not contain a definition for ‘GetUserById’

Source Error:

Line 4: {
Line 5: DotNetNuke.Entities.Users.UserInfo uInfo =
Line 6: DotNetNuke.Entities.Users.UserController.GetUserById(0, 1);
Line 7:
Line 8: if (uInfo != null)

Any help is greatly appreciated!

Ok, I just verified my version in the database. It is DNN 4.3.3, which this method does not work on.

This script is fairly simple. Line 6 just calls the UserController to get the user by id. In DNN 4.3.3 that particular version may have a different signature then it does today or have a different name.

I’ve been meaning to update this script in order to handle more use cases. Perhaps I will look into that now.

But in the mean time for DNN version 4.3.3 you can change line 6 to use DotNetNuke.Entities.Users.UserController.GetUser(0,1,false); or GetUserByName(0,”host”,false);

Awesome! It worked! My password was “host”! Really??? Ok, so it was one of my first DNN installs afterall so, yeah, that makes sense, right? 🙂 Thanks so much for your help! You’re a lifesaver!

Worked! Thanks so much for posting this help…!

It doesn’t seem to work on DNN 6.2.7
Any Help?

I just used it on DNN 6.2.7 and it worked great. Just be sure to put it into the root of the install folder, and not the root of the portal.

Thank you very much and it worked for DNN 7.0 before these the user must make the two parameters to be changed if the password is set to Hashed this code wont work. in web.config change the parameters enablePasswordRetrieval=”true”, passwordFormat=”Clear” before installation of DNN. I request you to find the recovery of Hashed parameter mode. thanks and I am adding the same in a dnn step by step tutorial and referring your link in the document.

Incredibly useful, thankyou

Awesome!! It worked on DNN Thanks!!!

How about today in DNN 7 environment and starting out with a good enablePasswordRetrieval True and passwordFormat Hashed? The host starts out hashed… we would need a newer script that would allow you to do something like change the host email address to one you specify and then send out the standard forgot password reset email.

what do you think?

Jonathan Sheely

Yes I agree. I have such a script already. I’ll post a new blog with the release.

I have DNN 6.2.5 and I try your script and it didn´t work. Could you help me with this issue. I´m not an xpert in SQL data bases

You can have a new try like the first method mentioned in this post below:


It works for all the versions of dnn and it just requires you need to know someting related with db table.

Hope it helps.

You are a life saver!!! Was trying to login as Host. Kept saying password was wrong. Used your technique and it gave me the password I thought it was. So database is not an issue. Thought for sure I had an encryption issue. Then I thought, maybe I should try using my e-mail instead of “Host”, which is how I logged in before I upgraded to DNN 7.3.2. When I used my e-mail address instead of Host, it worked. I was able to get in! What a relief. I have spent 5 hours troubleshooting this, and if I had not found your suggestion above, I never would have been able to narrow down the issue. Thanks so much!!!

Leave a Reply