Kentico let me in please

admin interface, authentication, locked out, password, QuickTip, user account, web.config
David te Kloese

Every now and then you'll see one of your colleagues wondering around looking for a way into an existing Kentico Admin interface no one seems to have an account for. How do you get into the Administration interface without breaking anything?

If you've Googled yourself here because you're really locked out of an installation be sure to read the whole article first because the last solution is advised and the easiest!

So you've found yourself working on a Kentico implementation but don't have an account with access to the Admin interface. So what can you do to get in?

Find a colleague

Well first you'll start disturbing your colleague hoping they already have an account so they can create one for you too.

Although this might work, it does take some time and you'll disturb a lot of your hardworking colleague.

Forgot password

If you've just forgotten your password and do have an account you might be able to use the "Forget password" feature.

Forgotten Password

This works if the SMTP server, the email template and possibly the ResetPassword page are configured correctly.

But what if you don't have an account, or if this doesn't work?

Modify records in the database directly

So you're out of options and think about 'hacking' yourself into Kentico by manipulating the database directly. You know you have an account but just don't seem to have the correct rights or password.

Kentico's user details are stored in multiple tables but you'll be needing the CMS_User table. Find your user and update it right?

Modifying the database directly is always risky since you're getting around Kentico and it's quite easy to break your whole installation. Always create a Database backup first!

Plain Text Password

Although you should never use plain text passwords, these are the easiest to update.

If the password was correct but you don't have admin powers you could check the boolean flag columns:

Flags

You will need an enabled account with the UserIsGlobalAdmin flag.

The IsExternal or UserIsDomain flags might prevent you from using the normal logon form.

If you don't have a user account available or for some reason they are all gone you could try inserting a new record. If you copy an account with Salt from an other installation remember the Salt is calculated with use of the UserGUID so make sure to copy this also.

Password salt

web.config key

If only there was an easy, secure and Kentico "approved" way? What you probably don't know is that there is one!

Simply adding a AppSettings key to the web.config will do the trick:
 
<add key="CMSAdminEmergencyReset" value="UserName;Password;true" />

  • UserName - here you specify the user name

  • Password - the desired password
  • The last boolean parameter indicates whether you want to create a new user if it doesn't exists (true) or only update if it exist (false)

This is really an emergency key but will still use the Kentio API to create or update the user account. It will however leave some required fields empty, like full name.

Web.config inserted user

Bonus feature:
The key will be automatically deleted from your web.config as soon as the Kentico application created the account, so no need to update your config again to remove it.

NOTE: Remember though that editing the web.config will usually trigger an application pool restart! So be careful if you use this in production environment.

Read more on Devnet : Forgotten+password