Recover Your DotNetNuke Host Password

>> Home / Recover Your DotNetNuke Host Password

June 26, 2011

Categories: DotNetNuke

by Jonathan Sheely

Many times users will only have the portal admin account and not the host account which contains the highest level of permissions and allows for installing modules and overall portal maintenance. One of the most common issues website owners have is they outsource the setup and maintenance of their website then for one reason or another they need to bring in another developer and the first thing that developer will ask is: “What is your HOST password?”. If you don’t have the answer to that question don’t worry there are a few ways to recover this password. The long way is to find a user whos password you do know replace the encrypted password and salt key of the host user with the user you do know. That works fine and is useful and all but requires a firm understanding of using SQL and the inner workings of DNN. But there is a better way. Forgot Password system will not work. DotNetNuke for security reasons will not return a password in the forgot password system when sending emails to the host user accounts. I have FTP access to my website. If you have FTP access to your website you can recover your host password with a little bit of coding. Follow the steps below and we’ll create a webpage that will return your host password.

Create a new text file called RecoverPassword.aspx
Paste in the follow code:

    
          <%@ Page Language="C#" %>

          <script runat="server">

              void Page_Load(object sender, System.EventArgs e)

              {

                  DotNetNuke.Entities.Users.UserInfo uInfo = 

          DotNetNuke.Entities.Users.UserController.GetUserById(0, 1);

                  if (uInfo != null)

                  {

                      string password = 

          DotNetNuke.Entities.Users.UserController.GetPassword(ref uInfo, String.Empty);

                      Response.Write("Password: " + password);

                  }

                  else

                  {

                      Response.Write("UserInfo object is null");

                  }

              }

          </script>

          <html>

              <head>

                  <title>Recover Password</title>

              </head>

              <body>

              </body>

          </html>

          view raw
          file1.cs
          This Gist brought to you by GitHub.

Now upload the file to the root of your DotNetNuke installation and visit the page.
Copy the password and REMEMBER to delete this page IMMEDIETELY so you don’t forget and your host password is exposed.

Slight variations to this script can be made if the developer removed the default host user account or you simply want to retrieve the password for another user.

Olwethu

February 12, 2013 at 5:16 am

Worked like a charm

Jim Borland

September 17, 2013 at 7:17 am

Hi, I tried to upload the RecoverPassword.aspx but I keep being told that I’m not allowed to upload .aspx files, it’s a “resticted file type”. If I use ftp it won’t display it I changed the name to .xml and that uploaded fine but doesn’t work.
Can you help?
Thanks,
Jim.

admin

October 26, 2013 at 3:31 pm

Make sure you’re FTPing the file to the root directory of your dnn application (same folder your web.config is in).

Thomas Nichols

April 11, 2013 at 8:02 am

Thanks! This worked perfectly and was needed because the password retrieval didn’t work. The email is never sent. Perhaps because I am running the web site on my own WIndows 8 platform on a DHCP Time Warner Cable IP.

dstjohnjr

April 25, 2013 at 3:42 pm

What version does this work for? I verify it works on a 5.1 version. However, I have a pretty old (maybe 4.x) install of DNN and got the following error:

Compiler Error Message: CS0117: ‘DotNetNuke.Entities.Users.UserController’ does not contain a definition for ‘GetUserById’

Source Error:

Line 4: {
Line 5: DotNetNuke.Entities.Users.UserInfo uInfo =
Line 6: DotNetNuke.Entities.Users.UserController.GetUserById(0, 1);
Line 7:
Line 8: if (uInfo != null)

Any help is greatly appreciated!

April 25, 2013 at 3:45 pm

Ok, I just verified my version in the database. It is DNN 4.3.3, which this method does not work on.

April 25, 2013 at 8:54 pm

This script is fairly simple. Line 6 just calls the UserController to get the user by id. In DNN 4.3.3 that particular version may have a different signature then it does today or have a different name.

I’ve been meaning to update this script in order to handle more use cases. Perhaps I will look into that now.

But in the mean time for DNN version 4.3.3 you can change line 6 to use DotNetNuke.Entities.Users.UserController.GetUser(0,1,false); or GetUserByName(0,”host”,false);

April 25, 2013 at 10:18 pm

Awesome! It worked! My password was “host”! Really??? Ok, so it was one of my first DNN installs afterall so, yeah, that makes sense, right? 🙂 Thanks so much for your help! You’re a lifesaver!

GMcGee

May 12, 2013 at 9:34 pm

Worked! Thanks so much for posting this help…!

Jubin

June 2, 2013 at 4:10 pm

Tnx man

John

July 8, 2013 at 3:02 am

It doesn’t seem to work on DNN 6.2.7
Any Help?

steve

July 18, 2013 at 7:39 pm

I just used it on DNN 6.2.7 and it worked great. Just be sure to put it into the root of the install folder, and not the root of the portal.

Vinod

August 26, 2013 at 10:42 am

Thank you very much and it worked for DNN 7.0 before these the user must make the two parameters to be changed if the password is set to Hashed this code wont work. in web.config change the parameters enablePasswordRetrieval=”true”, passwordFormat=”Clear” before installation of DNN. I request you to find the recovery of Hashed parameter mode. thanks and I am adding the same in a dnn step by step tutorial and referring your link in the document.

Jon

October 29, 2013 at 11:14 am

Incredibly useful, thankyou

Abiy

October 31, 2013 at 11:54 am

Awesome!! It worked on DNN 6.2.5.24. Thanks!!!

ryan moore

May 18, 2014 at 8:57 pm

How about today in DNN 7 environment and starting out with a good enablePasswordRetrieval True and passwordFormat Hashed? The host starts out hashed… we would need a newer script that would allow you to do something like change the host email address to one you specify and then send out the standard forgot password reset email.

what do you think?

Jonathan Sheely

July 27, 2014 at 12:00 am

Yes I agree. I have such a script already. I’ll post a new blog with the release.

Edmundo

December 12, 2014 at 2:05 pm

Hi,
I have DNN 6.2.5 and I try your script and it didn´t work. Could you help me with this issue. I´m not an xpert in SQL data bases

Baldwin

October 7, 2014 at 9:16 pm

You can have a new try like the first method mentioned in this post below:

http://knowledge.3essentials.com/web-hosting/article/376/Reset-DNN-host-password.html

It works for all the versions of dnn and it just requires you need to know someting related with db table.

Hope it helps.

Sheltowee

January 20, 2016 at 7:33 pm

You are a life saver!!! Was trying to login as Host. Kept saying password was wrong. Used your technique and it gave me the password I thought it was. So database is not an issue. Thought for sure I had an encryption issue. Then I thought, maybe I should try using my e-mail instead of “Host”, which is how I logged in before I upgraded to DNN 7.3.2. When I used my e-mail address instead of Host, it worked. I was able to get in! What a relief. I have spent 5 hours troubleshooting this, and if I had not found your suggestion above, I never would have been able to narrow down the issue. Thanks so much!!!