Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • MB 266 posts 918 karma points
    2 days ago
    MB
    0

    Umbraco 7 unable to reset password

    Hi lads,

    I'm running Umbraco 7.11.1 and suddently being locked out.

    I use a compact database located in the App_Data folder. My locked out user looks like this:

    • id: 2
    • userDisabled: unticket
    • userNoConsole: unticket
    • userName: mike
    • userLogin: mike
    • userPassword: SomeEncryptedPassword
    • userEmail: [email protected]
    • userLanguage: en-US

    I have tried running the following SQL on my own user but also the admin using ID 0:

    UPDATE umbracoUser SET userdisabled = 0, userLogin = 'mike', userPassword = 'default' WHERE id = 2
    

    And resetting application pool afterwards.


    I have tried the Umbraco 8 reset password plugin: https://our.umbraco.com/packages/developer-tools/umbraco-admin-reset/

    But when I access website.com/umbraco/adminreset/useractions/reset I get the following error: HTTP Error 404.0 - Not Found


    I have attempted to request a new password but I get the following error: Request password reset failed for email eventhough I use the SMTP settings from my host:

            <smtp from="[email protected]">
            <network port="587" host="websmtp.simply.com" userName="[email protected]" password="myPassword"/>
        </smtp>
    

    I have also gone through https://our.umbraco.com/Documentation/Reference/Security/reset-admin-password-v8 but I can't run the installer because I need to be logged in.

    I am completely stuck... I have no idéa how I can gain access to my shop. I'm completely locked out and frustrated. I'm prepared to pay someone to help me gain access to my backend again.

  • Damian 35 posts 253 karma points
    2 days ago
    Damian
    0

    First question here might be "does the rest of your site load?". I've seen a number of times where the rest of the site has a compile issue but your Backoffice screen is still giving the appearance of being up+functional due to the angularJs behaviours.

    Next, I'd say don't update any rows in the DB but for the userdisabled flag. I may be misreading the UPDATE statement given that you're probably not going to update your password to be 'default' but, rather, that is only a placeholder.
    (it's possible to recover a mistakenly reset password hash, if need be…)

    Let us know where you're at as i'm sure you're banging away at this and may have some new info that can help get you back in action.

  • MB 266 posts 918 karma points
    2 days ago
    MB
    0

    Hi Damian,

    Thank you for reaching out! My site works just fine, the only thing not working i me being able to login.

    Currently, my backoffice doesn't show any errors in the console. Having the database as SDF file, how come I can't change the password there, reload the project and login? I mean... I have direct access to the server and none of the users is Disabled or has NoConosole enabled.

  • Damian 35 posts 253 karma points
    2 days ago
    Damian
    0

    Hmm, turns out that I don't have any tooling on this machine to query/reference any v8 SDF. I'd be surprised if the schemas are any different than from a full MDF (i hope!). Working under that assumption anyway - are your [failedLoginAttempts] == 0 ?

    The [userDisabled] would be toggled only as result of a manual action through the backoffice. The too many failed attempts would be result of a few fat-fingered login attempts - how does that row look?

  • MB 266 posts 918 karma points
    2 days ago
    MB
    0

    My row looks exactly like this:

    • ID: 0
    • userDisabled: unticket
    • userNoConsole: unticket
    • userName: admin
    • userLogin: Admin
    • userPassword: default
    • userEmail: [email protected]
    • userLanguage: en-GB
    • securityStampToken: c5085721-6eea-4526-b57d-dfc2e748121b
    • failedLoginAttempts: 0
    • LastLockedoutDate: empty
    • LastPasswordChangeDate: 2/3/2020 8:09 PM
    • lastLoginDate: 10/29/2021 11:41 AM
    • createDate: 8/10/2018 3:13 PM
    • updateDate: 6/22/2022 7:45 PM
    • emailConfirmedDate: empty
    • inviteDate: empty
    • avatar: empty
    • passwordConfig: {"hashAlgorithm":"HMACSHA256"}
    • tourDate: empty

    My membership provider looks like this:

                    <add name="UsersMembershipProvider" type="Umbraco.Web.Security.Providers.UsersMembershipProvider, Umbraco" minRequiredNonalphanumericCharacters="0" minRequiredPasswordLength="8" useLegacyEncoding="false" enablePasswordRetrieval="false" enablePasswordReset="false" requiresQuestionAndAnswer="false" passwordFormat="Hashed" />
    
  • Damian 35 posts 253 karma points
    2 days ago
    Damian
    0

    Ah. I'm unsure if you're using v7(forum tags) or if this is a v8 site (since you're trying v8 packages as noted above). This may be relevant for the useLegacyEncoding attribute.

    There's a possibly related post here: https://our.umbraco.com/forum/using-umbraco-and-getting-started/91489-switching-back-to-uselegacyencoding-true

    which references the solution for this post: https://our.umbraco.com/forum/using-umbraco-and-getting-started/88852-changing-uselegacyencoding-from-true-to-false

    any of this sounding familiar/relevant ??

    Heads up on the following provider setting ;) as this will block your password reset via email option : enablePasswordRetrieval="false"

  • MB 266 posts 918 karma points
    2 days ago
    MB
    0

    Hi Damian,

    Thank you for doing the research! I tried setting legacuEncoding to true. I have also tried setting passwordRetrieval to true which gives me the following error:

    Parser Error Message: Provider can not retrieve a hashed password
    
  • Damian 35 posts 253 karma points
    2 days ago
    Damian
    0

    alright.
    TIL: what you were doing with the userPassword = 'default' actions. -new to me! Were you able to complete the next step of the reset admin process and "run the installer" ?

    I misfired in hurry to reply before a meeting and copied the wrong attribute but indented to grab the following password setting :

    enablePasswordReset (default 'true'): Indicates whether the membership provider supports password reset for users

    It's curious the failedAttempts keeps incrementing despite your efforts. I'd try not to get stuck on a side game there but rather just increase, temporarily, the maxInvalidPasswordAttempts to something unreasonably large so that's not an issue here.

Please Sign in or register to post replies

Write your reply to:

Draft