Forgot Password Functionality?

Topics: ASP.NET 2.0
Aug 10, 2009 at 10:14 PM

(Using BlogEngine with MSSQL) Is there a way to retrieve the password?  I could not edit the password to the admin account so I created a new user and then disabled the admin account.  However, I neglected to write down the password for the new account.  I see the password in the MSSQL DB (be_Users) but since it is encrypted I am reluctant to try to "change" it there.  I tried to see if I could maybe activate the admin account via the DB, but I could not seem to edit the DB.  I tried to run the SQL set up again, but that failed.

Is there another way?  I did not see "send me my password" link but I might have missed it.  Thanks!

Aug 10, 2009 at 10:26 PM

Also, I noticed there was no password in the admin user account.  I also noticed that it had a 1 in the RoleID (be_UserRoles).  I tried just now and I was able to login with the admin account and no password.  I tried to change the password (saw the Change Password link on the home page on the right).  However, I was unable to change the password - leaving the password field blank and entering a new password.

When I tried the Users link, I received a Page Not Found error - however the link looks correct and the admin/Pages/Users.aspx is there on the server.

Aug 10, 2009 at 10:50 PM

The easiest solution is going to be to clear out the password in the be_Users table.  Just set it to an empty string.  After doing that, re-start the blog application by making any change to the web.config file (add a space, etc).

After doing that, you should be able to use the default password when logging in and changing passwords --- admin.

There isn't a way to retrieve passwords as they are one-way hashed.  They're not encrypted.

Aug 10, 2009 at 10:52 PM

If you're getting redirected to the error404.aspx page (Page Not Found), this happens when an unhandled exception occurs.  Changing the <customErrors> tag in your web.config file to the following will show you the actual error, rather than being redirected to error404.aspx.

<customErrors mode="Off">

Aug 10, 2009 at 11:44 PM

Thanks - I found the customError and changed it from

<customErrors mode="RemoteOnly" defaultRedirect="~/error404.aspx">
      <error statusCode="404" redirect="~/error404.aspx"/>


<customErrors mode="Off">

It seems when I re-ran that SQL query that it re-created the admin account, so there is two of them now.  I was able to delete the information via the DB, changed the web.config file again and upload that.  That worked.

Thanks again!