Will "the Mighty" Strohl

Reset the Passwords for All Users in a DNN Site

WillStrohl.com DNN Logo Code Background

I don’t know if you deal with as many websites as I do, but I’ve been dealing with other peoples DNN sites since I first began dabbling with it over a decade ago.  (Boy, does that make me feel old!)  Restoring the website from someone else’s environment to test, troubleshoot, and fix an issue isn’t a major issue as long as you have some experience with IIS, SQL Server, and Windows.  However, the testing you need to do often requires access to multiple accounts.  This is the problem.  Duplicating those accounts is either non-trivial, or time consuming.  So why not just reset all of their passwords?

A tool I used to use a lot in the past is the LetMeIn ASPX page by Evotiva.  It allows you to quickly create a new host user.  From there, you have access to everything except for other user accounts.  Depending on the type of client, customers, and privacy laws in your area, this is a good thing.  However, if you are able to, it’s a convenient thing to be able to use the very user accounts that are having the issues while performing your troubleshooting.  This is where my tip comes in to play.

First, The Red Tape

Now, before I go any further, it would be an absolute best practice to have and you’d be irresponsible if you didn’t have a formal policy to protect yourself and the clients you’re providing services to.  Have a clear understanding of how you accept sites, how you maintain them, and when you destroy your copies of them.  If you’re in support, I’d suggest destroying your backups as soon as your client confirms that their issue is solved.  The rule of thumb here, don’t keep copies.  Destroy them at your earliest convenience.  That being said, I am not a lawyer either, so you’ll want to review your policies and the laws in your region.

Resetting the Passwords for All Users

The context of this DNN tip is to allow you access to literally impersonate the users on a DNN site.  If the number of users is low, I’d suggest leaving this article now to use my DNN Demo Skin Objects.  Seriously, they’re pretty cool.  You should check them out.

Ideally, it would be convenient if you knew all of the passwords of the users on the site, but we won’t and we shouldn’t.  Instead, we’ll change every password for every user to “password” using the ASPX file below.  All you have to do is create an ASPX file in the root of the site, paste this code into it, and then view it in a web browser of your choice.  From there, it’s a single click to reset all of the passwords to “password.”

WARNING!!!  Never do this on a production site for any reason or put this file on a production server, anywhere.  Also, it should only be used for LEGAL and ETHICAL purposes. 

The code below does the meat of the work for you, but you can just download the file by clicking the button below and save yourself some time.

Download Password Reset ASPX File for DNN

    private int PortalId
            return PortalController.GetCurrentPortalSettings().PortalId;

    protected void ProcessUsers(object sender, EventArgs e)
        catch (Exception ex)
            Exceptions.ProcessModuleLoadException(this, ex, true);

    private void IterateThroughUsers()
        var sb = new StringBuilder();
        var totalRecords = 0;


Updating Superusers

"); var superUsers = UserController.GetUsers(false, true, Null.NullInteger); UpdateUserInfo(superUsers, ref sb); sb.Append("

Updating Normal Users

"); var normalUsers = UserController.GetUsers(PortalId, -1, -1, ref totalRecords, true, false); UpdateUserInfo(normalUsers, ref sb); plcUserLog.Controls.Add(new LiteralControl(sb.ToString())); } private void UpdateUserInfo(ArrayList users, ref StringBuilder sb) { foreach (var user in users) { // convert the user object to UserInfo var oUser = (UserInfo)user; // update the password // REQUIRES: Change the enablePasswordRetrieval attribute to True in the web.config // for newer versions of DNN, use this: //MembershipProvider.Instance().ResetAndChangePassword(oUser, "password"); var success = DotNetNuke.Security.Membership.MembershipProvider.Instance().ChangePassword(oUser, string.Empty, "password"); sb.AppendFormat( success ? "
{0} {1} ({2}) updated with a new password.
" : "
{0} {1} ({2}) NOT UPDATED!
", oUser.FirstName, oUser.LastName, oUser.Username); // save the user UserController.UpdateUser(PortalId, oUser, false); } }

blog comments powered by Disqus