Creating a Standard DotNetNuke User Via SQL

Due to popular demand from my "Creating a Host Account Via SQL" article, this article is an extension of that article to show you how to create a regular portal user based on the password for an existing user account. The first portions of this process are very similar to that of the host account creation, however there are a few additional steps.

Requirements

For these instructions to work properly you MUST know the password of at least one user account in your portal. This can be any user account as long as it is for the same application! Also you should be running DotNetNuke 4.4.1 or later as these instructions have NOT been tested on any previous versions.

Disclaimer

I am providing this example as exactly that an example. Anytime you directly modify the database you are introducing a level of risk. Please take the appropriate safety precautions and backup your database before proceeding, I can not be liable for any data loss that may occur from you performing these steps.

Obtain Needed Information

The first step of the process to creating a new user account via the database is to obtain some needed information. We need the "Application Name" for your DotNetNuke installation, typically this is simply "dotnetnuke", it is set in your web config under the membership element. We also need the "password", "passwordSalt" and "PasswordFormat" values from the aspnet membership table for a working user account with a known password. Below is a query to obtain this information. NOTE: replace the text TestUser with the username of your known working user account.

SELECT m.password, m.passwordsalt, m.passwordformat
FROM aspnet_users u
INNER JOIN aspnet_membership m
ON (u.userid = m.userid)
WHERE u.UserName = 'TestUser'

The final piece of information that we need is the id of your portal, this can be obtained from the "Portals" table, below is a query that will give you the portal name and portalId of each portal in your DNN installation.

SELECT PortalId,
PortalName
FROM Portals

Execute Scripts to Create Account

Now we simply combine our desired new information and the existing information that we obtained to create the user account. Below is a listing of the SQL Code that I used to create the account in my portal. You will need to substitute your own values for the various properties. Also, I am using the long format to accomplish this goal by declaring each of the variables prior to calling the stored procedure, this is simply done to make the code easier to read. You will also want to change the hard coded values for FirstName, LastName, and DisplayName. I did not declare variables for those to reduce the length of the sample code.

DECLARE @ApplicationName nvarchar(256)
SET @ApplicationName = 'DotNetNuke'
DECLARE @UserName nvarchar(256)
SET @UserName = 'NewUser' --The new user
DECLARE @Password nvarchar(128)
--From the existing user
SET @Password = 'LLSXX8xW6+0EbrV4JBzL/YenA1D6BBfRnkYY7FtQvNGmmPOhVdPiAA=='
DECLARE @PasswordSalt nvarchar(128)
--From the existing user
SET @PasswordSalt = 'P40ky5tExsx37nUIFnCWZQ=='
DECLARE @Email nvarchar(256)
SET @Email = 'TestingAccount@test.com' --You can set this to whatever you want
DECLARE @PasswordQuestion nvarchar(256)
SET @PasswordQuestion = ''
DECLARE @PasswordAnswer nvarchar(128)
SET @PasswordAnswer = ''
DECLARE @IsApproved bit
SET @IsApproved = 1
DECLARE @CurrentTimeUtc datetime
SET @CurrentTimeUtc = GETDATE()
DECLARE @CreateDate datetime
SET @CreateDate = @CurrentTimeUtc
DECLARE @UniqueEmail int
SET @UniqueEmail = 0
DECLARE @PasswordFormat int
SET @PasswordFormat = 2 --NOTE: Value from existing user!
DECLARE @PortalId int
SET @PortalId = 0    --The id of your portal
Declare @UserId uniqueidentifier
DECLARE @DNNUserId int

--Make the stored procedure call
EXEC dbo.aspnet_Membership_CreateUser @ApplicationName, @Username, @Password,
                @PasswordSalt, @email, @passwordquestion, @PasswordAnswer,
                @IsApproved, @CurrentTimeUtc, @CreateDate, @UniqueEmail,
                @PasswordFormat, @UserId

--Insert the record into the DotNetNuke users table
INSERT INTO users (Username, FirstName, LastName, IsSuperUser, Email,
                    DisplayName, UpdatePassword)
    VALUES(@Username, 'My', 'NewAccount', 0, @Email, 'New Account', 0)

--Get the new userid, from the DNN users table
SELECT @dnnuserid = userid
FROM Users
WHERE username = @Username

--Now, insert the record into the user portals table
INSERT INTO UserPortals (userId, PortalId, CreatedDate)
    VALUES(@dnnuserid, @PortalId, GETDATE())

--Now Give the user permissions to the RECISTERED Users group
INSERT INTO UserRoles (userId, roleId)
SELECT @dnnuserid,
        roleId
FROM Roles
WHERE RoleName = 'Registered Users'

The script should execute successfully with simple messages regarding record counts, no error messages should be displayed. To explain a bit more what the above script does. First the "Declare" and "Set" statements simply build parameters for use later. We then create the ASP.NET membership records for our new user. We then create our DotNetNuke user record to ensure that DNN is aware of the user. Then we obtain the id of the added user and then create a UserPortals record to grant the user access to the specified portal.

Logging In!

You should now be able to navigate to your DNN site and login with the new user account and the password from the account you copied. Upon login you should have full host permissions!

If you have any questions or comments regarding this please let me know! This is considered a last resort, however, it is something that can be used in times of need.

Posted by Mitchel on Monday, May 14, 2007

Tags: DotNetNuke, Tutorials, SQL

Comments

Does this enter them in the UserRoles table as a "Registered User"

By erik on Tuesday, May 15, 2007 at 9:33 AM

Erik,

I greatly apologize the origional posting did not insert that record. I have updated the script and it now does create the user as a "Registered" user.

By mitchel.sellers@gmail.com on Tuesday, May 15, 2007 at 11:42 AM

Hi there,

I have been looking for this sort of script so I can setup DNN users from a windows application using ADO.

It sort of works and I don't get any errors when running the script. The user information is sitting in all the neccessary tables, but when I attempt to login as the newly created user, I get the following message....
A critical error has occurred.
Object reference not set to an instance of an object.

I also notice that the created date next to the listed users that have been created in this way is blank, though this created date is showing in the membership table.

Are you able to give me any pointers.

Thanks for making this script available to the dotnetnuke community.

Regards

Joe Davies

By Joe Davies on Tuesday, May 29, 2007 at 2:33 AM

Joe,

Which data table shows a blank value for the created date?

By mitchel.sellers@gmail.com on Tuesday, May 29, 2007 at 4:17 AM

Hi Mitchell,

I think the created date comes from the aspnet_membership table. This is the table that has the password and passwordSalt. The date is actually set correctly in this table but it isn't displaying in the user list.

I've carefully looked at all the tables that contain a userID field to see if there is anything obviously missing but it all appears fine. I'm still unable to login with the new users credentials. I've created different users but they are all inaccessible.

Mmmh strange one!

Joe

By Joe Davies on Tuesday, May 29, 2007 at 1:27 PM

That is a strange one.

There isn't by chance an error message in the event log is there?

Also, you do have the userportals entry that ws added after my update to this article correct?

By mitchel.sellers@gmail.com on Tuesday, May 29, 2007 at 5:28 PM

I've sorted it, I had changed the application name from 'dotnetnuke' to what I thought should have been my database name. I put it back as it was and it works like a dream now.

I have now created a simple function in Microsoft Access which reads in your script from a lookup table. I then use replace tokens in the script as simple parameters. A passthrough query is then created on the fly and bingo a new user appears in the portal. I can also force the resetting of a password by using 1 instead of 0 in the bolSetPassword argument.

This script of yours has been a godsend.

Thanks again!

Joe

For those interested see function below
'===========================
Function CreateUser(strUserID As String, strUserEmail As String, intPortalID As Integer, strFirstName As String, _
strLastName As String, strDisplayName As String, bolSetPassword As Integer)

Dim MyDb As Database, MyQ As QueryDef, strSQL As String
Set MyDb = CurrentDb()

' Create a temporary QueryDef object that is not saved.
Set MyQ = MyDb.CreateQueryDef("")

' A system DSN has to be setup for pass through queries.
MyQ.Connect = "ODBC;DSN=dsn;UID=userid;PWD=password;DATABASE=databasename"

' Set ReturnsRecords to false in order to use the Execute method.
MyQ.ReturnsRecords = False

' look up the script and replace the tokens with function arguments
strSQL = DLookup("[CreateNewUser]", "tblSettings")

strSQL = Replace(strSQL, "<UserID>", strUserID)
strSQL = Replace(strSQL, "<UserEmail>", strUserEmail)
strSQL = Replace(strSQL, "<PortalID>", intPortalID)
strSQL = Replace(strSQL, "<FirstName>", strFirstName)
strSQL = Replace(strSQL, "<LastName>", strLastName)
strSQL = Replace(strSQL, "<DisplayName>", strDisplayName)
strSQL = Replace(strSQL, "<SetPassword>", bolSetPassword)

MyQ.SQL = strSQL
'Debug.Print strSQL
MyQ.Execute
MyQ.Close
MyDb.Close

End Function

By Joe Davies on Wednesday, May 30, 2007 at 7:14 AM

I was wondering, would the process for updating passwords for dnn user account be achieved similarly?

By Scott on Tuesday, September 25, 2007 at 10:53 AM

Scott,

If you wanted to "copy" a password from an existing account, then yes. If you want to pick a password that another account doesn't have then no.

By mitchel.sellers@gmail.com on Tuesday, September 25, 2007 at 12:25 PM

Thanks Mitchel just the thing I was looking for.

Three questions:
1. What is passwordSalt
2. I want to add a number of users and would like to give them unique passwords. is that possible.
3. Is the UserName unique?

By Ali on Thursday, September 27, 2007 at 9:36 AM

Ali,

1.) It is used to futher secure the actual password that is stored, I am not 100% sure how the salt is used in the microsoft implementation but it is a standard security practice.

2.) If you want to specifically set a password you will need to go another way, possibly look for a batch import module. I will be working on one to release within the next 2-3 weeks., otherwise John Mitchell over at Snapsis has an .aspx page that you can use to import as well.

3.) Yes, the username must be unique!

By mitchel.sellers@gmail.com on Thursday, September 27, 2007 at 1:38 PM

Of course that you can set unique passwords.
PasswordFormat column is where you can set how you want your password to be stored:
PasswordFormat=0 -> Clear
PasswordFormat=1 -> Hashed
PasswordFormat=2 -> Encrypted

By default dnn is set to use Encryption algorithms - 'Triple DES'

If you are not familiar with hashing and encription you can just simple set your PasswordFormat to be 0.
Or make small research on SHA1, MD5, Triple-DES - It is simple.

By Ali, on Friday, August 22, 2008 at 8:07 PM

Ali,

Do you happen to know how to properly encrypt the DNN password?

How about what the PasswordSalt stands for?

I've been trying to decrypt the users passwords so that I can export users profile to another application that I am building.

By Tim on Monday, October 13, 2008 at 9:20 PM

Tim,

There are methods provided by the UserController class to decrypt the password. Make a post in the forums, and I can try to point you in the right direction.

By mitchel.sellers@gmail.com on Tuesday, October 14, 2008 at 4:16 AM

Click here to post a comment

RSS Feeds/Syndication

Subscribe To Blog RSS
Subscribe To Blog Updates by E-Mail
Add to Technorati Favorites

Donate

Show your appreciation for the content/modules made available by MitchelSellers.com by making a donation. Donations are used to assist with dedicating time to creating free content.