Every now and then you'll see one of your colleagues wondering around looking for a way into an existing Kentico Admin interface no one seems to have an account for. How do you get into the Administration interface without breaking anything?
If you've Googled yourself here because you're really locked out of an installation be sure to read the whole article first because the last solution is advised and the easiest!
So you've found yourself working on a Kentico implementation but don't have an account with access to the Admin interface. So what can you do to get in?
Find a colleague
Well first you'll start disturbing your colleague hoping they already have an account so they can create one for you too.
Although this might work, it does take some time and you'll disturb a lot of your hardworking colleague.
Forgot password
If you've just forgotten your password and do have an account you might be able to use the "Forget password" feature.
This works if the
SMTP server, the
email template and possibly the
ResetPassword page are configured correctly.
But what if you don't have an account, or if this doesn't work?
Modify records in the database directly
So you're out of options and think about 'hacking' yourself into Kentico by manipulating the database directly. You know you have an account but just don't seem to have the correct rights or password.
Kentico's user details are stored in multiple tables but you'll be needing the
CMS_User table. Find your user and update it right?
Modifying the database directly is always risky since you're getting around Kentico and it's quite easy to break your whole installation. Always create a Database backup first!
Although you should
never use plain text passwords, these are the easiest to update.
If the password was correct but you don't have admin powers you could check the boolean flag columns:
You will need an
enabled account with the
UserIsGlobalAdmin flag.
The
IsExternal or
UserIsDomain flags might prevent you from using the normal logon form.
If you don't have a user account available or for some reason they are all gone you could try inserting a new record. If you copy an account with Salt from an other installation remember the
Salt is calculated with use of the UserGUID so make sure to copy this also.
web.config key
If only there was an easy, secure and Kentico "approved" way? What you probably don't know is that there is one!
Simply adding a
AppSettings key to the web.config will do the trick:
<
add
key
=
"CMSAdminEmergencyReset"
value
=
"UserName;Password;true"
/>
This is really an emergency key but will still use the Kentio API to create or update the user account. It will however leave some required fields empty, like full name.
Bonus feature:
The key will be automatically deleted from your web.config as soon as the Kentico application created the account, so no need to update your config again to remove it.
NOTE: Remember though that editing the web.config will usually trigger an application pool restart! So be careful if you use this in production environment.
Read more on Devnet : Forgotten+password