How To Log Into Episerver When You Don’t Know A User or Password

This article is a continuation of Top Tips To Get An Existing Episerver Project Up And Running. Often when I start at a new company, I won’t have a log-in to get access to Episerver and I’m left to my own devices to get started. In today’s guide, I’m going to cover some of the things you can do to get access to the editor. In this post, I’m assuming you are familiar with logging into Episerver. If you’re not, then I would recommend reading, Beginner’s Guide: How To Access The Episerver Login Page first.

Create a Local Admin Account

Out of the box, Episerver uses the Multiplexing Provider to deal with membership and logging in. If you are not familiar with the multiplexing provider use Windows Authentication, then fall back to SQL to try and log you in. The SQL provider is based on the standard .NET version and the log-in usernames can be found in the ‘aspnet_Users’ table in SQL.

To log into Episerver with the multiplexing provider enabled, you can try your domain account. Your account will need local Admin privileges, so depending on how your IT department has set-up your account, this may or may not work.

If your account doesn’t work, if you can create a local user account on your computer that has local administrators group permissions. This should allow you to log into Episerver.

My Episerver Website Uses A SQL Membership Provider

In a lot of companies, the membership provider is set to SQL only, so unless you know a valid Episerver account you won’t be able to access it. If you find yourself in this situation then the first trick is to check the roles and membership provider and switch both to Multiplexing. In your web.config, find the following section and change the ‘defaultProvider’ MultiplexingRoleProvider for the role provider and MultiplexingMembershipProvider’ for the membership provider.

<roleManager enabled="true" defaultProvider="MultiplexingRoleProvider" cacheRolesInCookie="true">
<clear />
<add name="MultiplexingRoleProvider" type="EPiServer.Security.MultiplexingRoleProvider, EPiServer.Framework" provider1="SqlServerRoleProvider" provider2="WindowsRoleProvider" providerMap1="SqlServerMembershipProvider" providerMap2="WindowsMembershipProvider" />
<add name="WindowsRoleProvider" applicationName="EPiServerSample" type="EPiServer.Security.WindowsRoleProvider, EPiServer" />
<add name="SqlServerRoleProvider" connectionStringName="EPiServerDB" applicationName="EPiServerSample" type="System.Web.Security.SqlRoleProvider, System.Web, Version=, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
<membership defaultProvider="MultiplexingMembershipProvider" userIsOnlineTimeWindow="10" >
<clear />
<add name="MultiplexingMembershipProvider" type="EPiServer.Security.MultiplexingMembershipProvider, EPiServer.Framework" provider1="SqlServerMembershipProvider" provider2="WindowsMembershipProvider" />
<add name="WindowsMembershipProvider" type="EPiServer.Security.WindowsMembershipProvider, EPiServer" deletePrefix="BUILTIN\" searchByEmail="true" />
<add name="SqlServerMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="EPiServerDB" requiresQuestionAndAnswer="false" applicationName="EPiServerSample" requiresUniqueEmail="false" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="7" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" passwordStrengthRegularExpression="" />

Allow Anonymous Access To The Editor

If creating a local domain account and switching from an SQL provider to multiplexing doesn’t work, you can always allow anonymous access to the editor and allow everyone in. In your web.config, delete this line:

<deny users="*" />

This should allow accessing edit and admin mode without authentication.

The Sneaky Way… HACK SQL!

If you can’t change the web.config for whatever reason, but you do have access to SQL then you could consider a possible second technique that can help you get in. Obviously, if you need to do this do not try it out on a live server without testing offline first and backing everything up. In this approach, you will need to know the valid details (username and password) for any account, say a content editor. You can query the database to apply that password onto a different account, giving you access to log in with that. This can be handy if you can’t access an admin account, but you either have the log in details for a content editor, or you can create a new content editor account.

In this approach, you need to run this SQL command:

SELECT au.username, aa.ApplicationName, password, passwordformat, passwordsalt
FROM aspnet_membership am
INNER JOIN aspnet_users au
ON (au.userid = am.userid)
INNER JOIN aspnet_applications aa
ON (au.applicationId = aa.applicationid)

Find the user you know the valid account details for and copy the password, salt, and password type. Next, find an account that has admin access and run this SQL snippet:

set @changeDate = getdate()
exec aspnet_Membership_setPassword ‘applicationName’, 
'Password Salt',
'Password format'

After running this, both users have the same password. So you should now be able to log into EpiServer with an admin account.

Jon D Jones

Software Architect, Programmer and Technologist Jon Jones is founder and CEO of London-based tech firm Digital Prompt. He has been working in the field for nearly a decade, specializing in new technologies and technical solution research in the web business. A passionate blogger by heart , speaker & consultant from England.. always on the hunt for the next challenge

More Posts

2 replies
  1. Khan
    Khan says:

    Hi Jon,
    I am a tester. I am working on a project which the website uses EPIserver. I can use CMS and configuration for testing
    I want to do a presentation about EPIserver for all other testers in company. Could you please advise me for my presentation. Or any document which you can share with me.
    Your site is very helpful for me.
    Thank you so much 🙂

    • Jon D Jones
      Jon D Jones says:

      Thanks for the feedback 🙂 I’m working on something along the lines of an epipserver introduction/manual.. although I’ve been trying to write it for nearly a year now. I don’t really know of anything specific for episerver, sorry 😛


Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *