Umbraco - reset admin password

Question

Is it possible? I was playing around with Umbraco, got it started up last week (just got it up and running, didn't do anything beyond that) and by Monday I'd forgotten the password. I looked here, but none of the suggestions seem to work. Changing the membership provider to Clear here:

    <add name="UmbracoMembershipProvider" type="Umbraco.Web.Security.Providers.MembersMembershipProvider, Umbraco" minRequiredNonalphanumericCharacters="0" minRequiredPasswordLength="8" useLegacyEncoding="true" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" defaultMemberTypeAlias="Member" passwordFormat="Hashed" />
    <add name="UsersMembershipProvider" type="Umbraco.Web.Security.Providers.UsersMembershipProvider, Umbraco" minRequiredNonalphanumericCharacters="0" minRequiredPasswordLength="8" useLegacyEncoding="true" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" passwordFormat="Hashed" />

If I change UmbracoMembershipProvider to Clear, it doesn't seem to do anything. If I change UserMembershipProvider to Clear then the whole site breaks (it complains that you can only use Umbraco with ASP.NET identity if it's set to Hashed).

All the suggested hashes to replace the userPassword don't seem to work. Setting the userPassword to an empty string doesn't work because the UI won't allow an empty string as a password, and the backend will check it and complain too.

Is there any simple, fool-proof way to reset the damn thing without uninstalling and starting over?

are you maybe loggin in with a username instead of an email account? — Eyescream, Nov 20 '15 at 08:57
I think the "Clear" hack only works on older versions of Umbraco (probably Umbraco 7.2 and before). — harvzor, May 04 '17 at 10:35

score 10 · Answer 1 · answered Sep 20 '17 at 13:21

We had this issue receiving an Umbraco install from a 3rd party but no credentials. This is for Umbraco 7.6.1

• Modify UsersMembershipProvider set useLegacyEncoding="true" In web.config then restart iis

use the usual script to set the admin password the old way

UPDATE umbracoUser set userdisabled=0, userNoConsole=0, userLogin='admin', failedLoginAttempts=0, userPassword='bnWxWyFdCueCcKrqniYK9iAS+7E=' where id=0

• Log in as admin/default

• Navigate to the admin user

• Modify UsersMembershipProvider set useLegacyEncoding="false" then restart iis again

• CTRL-F5 to reload web.config (you should still be logged in via cookie)

• Select “Change Your Password”

• Check the “Reset Password” checkbox

• Click Save

• You will get a green dialog with the new password

• Copy the new password to clipboard

• Click “Change Password” again

• Paste into the “Current Password” field

• Enter admin123456 as new password

• Enter admin123456 as confirm password

• Click Save

To check restart iis, log in as admin/admin123456

score 3 · Answer 2 · answered Jun 27 '16 at 13:41

3

UPDATE umbracoUser set userdisabled=0, userLogin='admin', userPassword='bnWxWyFdCueCcKrqniYK9iAS+7E=' where id=0

hash is "default" without the quotes

answered Jun 27 '16 at 13:41

Christopher Pascual

339
3
7

2

You should add some explanation to improve the quality of your answer. – m02ph3u5 Jun 27 '16 at 13:44

Oltion Driza · Answer 3 · 2022-04-04T07:51:28.440

For Umbraco 7-8, create a class as below:

using System.Web.Security;
using Umbraco.Core.Composing;
using Umbraco.Core;
using Umbraco.Core.Services;
using Umbraco.Web.Security.Providers;

namespace Test
{
    [RuntimeLevel(MinLevel = RuntimeLevel.Run)]
    public class StartingComposer : IUserComposer
    {
        public void Compose(Composition composition)
        {
            composition.Components().Append<StartingEvent>();
        }
    }
    public class StartingEvent : IComponent
    {
        private readonly IUserService _userService; 
        public StartingEvent(IUserService userService)
        {
            _userService = userService;
            var adminUser = _userService.GetUserById(-1);
            adminUser.Username = adminUser.Email = "admin@gmail.com";
            adminUser.FailedPasswordAttempts = 0;
            adminUser.IsLockedOut = false;
            adminUser.IsApproved = true;
            adminUser.RawPasswordValue = (Membership.Providers["UsersMembershipProvider"] as UsersMembershipProvider)?.HashPasswordForStorage("Admin123*");
            userService.Save(adminUser);
        }
        public void Initialize()
        {
        }
        public void Terminate()
        {
        }
    }
}

This is the only thing that worked for me, although I created an Umbraco Eventhandler for this. — Raimond, Dec 20 '21 at 21:19

score 0 · Answer 4 · answered Nov 16 '15 at 18:57

0

Do you have access to the database it is pointing to? If you do, you can reset the password this way.

UPDATE umbracoUser set userdisabled=0, userLogin='admin', userPassword='rboj46J1NSyvbZ5c7UI/5+m+Pcc=' where id=0

or

UPDATE umbracoUser set userdisabled=0, userLogin='admin', userPassword='default' where id=0

Where the user is admin and the password is updated to default.

answered Nov 16 '15 at 18:57

Xogle

363
3
16

Tried the first one and it doesn't work for me. The second one would only work if I could switch to clear instead of hashed passwords, but changing that in web.config doesn't seem to work. – Matt Burland Nov 16 '15 at 19:02
Try using `userPassword=''` and then try to log in and it should prompt a reset. Or try going to your SQL gui and click the box and try updating it that way. – Xogle Nov 16 '15 at 19:05
You can't log in with a blank password. The front-end checks it as does the backend. Blank passwords are rejected. – Matt Burland Nov 16 '15 at 19:06
Are you sure? I've read multiple solutions and tested on Umbraco 5 (out of date I know). I would try anyway, if not looks like a reinstall would be your best bet. – Xogle Nov 16 '15 at 19:08
Or you could try to make a new user with privileges and trigger a reset for admin. – Xogle Nov 16 '15 at 19:10
I can't make a new user when I can't get in at all. – Matt Burland Nov 16 '15 at 19:12
I would need to be able to generate a password hash that worked to do that. – Matt Burland Nov 16 '15 at 19:13

score 0 · Answer 5 · answered Nov 24 '15 at 09:38

I had the same problem the other day. bnWxWyFdCueCcKrqniYK9iAS+7E= should be the correct hash for default.

Insert this in the DB, restart the application (you can just download, and then upload the web.config at the root), and now login with your username and default as password.

When you are logged in you can change the password, and everything should be fine. :)

I hope it helps!

score 0 · Answer 6 · answered Jan 24 '18 at 15:01

To everyone who is unable to solve this using the steps above, what you can do is copy the password from another Umbraco.sdf database file and paste it over the current password in the new sites Umbraco.sdf file. Then log in using that password. You may have to clear cache and reload the site.

score 0 · Answer 7 · answered Dec 17 '18 at 09:20

Sometimes you need to update the column lastLockoutDate as well for this manual update in database to work.

Try the following query to update password of admin user as default :

UPDATE [dbo].umbracoUser set userdisabled=0, userLogin='admin', userPassword='bnWxWyFdCueCcKrqniYK9iAS+7E=', lastLockoutDate = null where id=0;

score 0 · Answer 8 · answered Mar 21 '19 at 11:01

For Umbraco 8 or higher or any other version.

Create a new project in visual studio, install the version of umbraco you want (same as your original project) (using nuget).

Do the setup on the DB type and version (same as your db of your lost account) you want. This time, write down your credentials you want to use.

After the basic installation go to the table [DATABASENAME].[dbo].[umbracoUser] and create a update query of your account, with the info of your new DB.

UPDATE umbracoUser 
set userdisabled=0, 
    userNoConsole=0, 
    userEmail='admin@admin.com', 
    userLogin='admin@admin.com',
    failedLoginAttempts=0,  
    userPassword='[COPY HASHED PASSWORD]',
    securityStampToken = '[COPY securityStampToken]'   
where id=-1 -- for version 8.* it is -1

And now you can login to your project without stopping,resetting or changing your original project

score 0 · Answer 9 · answered Jun 23 '20 at 22:09

For Umbraco 8, I followed Bunkerbuster's answer above but was still having problems.

I found I had to sync the machineKey settings between the temporary/dummy site's Web.config and the forgotten password site's Web.config.

The configuration block looks like this:

 <machineKey validationKey="xxx"
             decryptionKey="xxx"
             validation="HMACSHA256"
             decryption="AES" />

Umbraco - reset admin password

9 Answers9