In this tutorial, you will learn how to log into the Episerver editor without knowing a username or password! This article is a continuation of Top Tips To Get An Existing Episerver Project Up And Running. Often when I start at a new company or take on a new project, I won't have a log-in to get access to the Episerver editor. In this post, I'm assuming you are familiar with logging into Episerver. If you're not, then I would recommend reading, Beginner’s Guide: How To Access The Episerver Login Page first. Assuming you do not have access, fear not as long as you have access to the files and you can compile the site you can still get in. Want to learn how, read on πŸ”ŽπŸ”ŽπŸ”Ž

Create a Local Admin Account

Out of the box, Episerver uses the Multiplexing Provider to deal with membership and logging in. The multiplexing provider will attempt to log you into the CMS using Windows Authentication first. If that fails, it will fall back to SQL to try and log you in. The SQL provider is based on the standard.NET membership provider. This membership provider uses SQL to store data. To help you figure out what usernames exist within an Episerver database, you can look within a table called aspnet\Users found in your Episerver database!

To log into Episerver with the multiplexing provider enabled, you can try to use the account you log into Windows with. This account will need local administrator privileges to log in successfully. Depending on how your IT department has set up your account, using your Windows username and password to log into the CMS may or may not work. If your account doesn't work, you can try to create a local user account on your computer that has local administrators group permissions. This should allow you to log into Episerver.

My Episerver Website Uses A SQL Membership Provider

In a lot of companies, the membership provider is set to SQL only. In SQL only mode, unless you know a valid Episerver account you won't be able to access the editor. If you find yourself in this situation then the first trick is to check the roles and membership provider and switch both to Multiplexing. This is done in web.config. Find the role and membership provider setting and change the defaultProvider value to MultiplexingRoleProvider for the role provider and `MultiplexingMembershipProvider' for the membership provider. Example config shown below:

If this doesn't work, revert your web.config changes. Create a new file in the websites webroot called InstallUser.aspx. In this file, add this code:

Run this script by visiting the page in a browser. Go to 'www.website.com/InstallUser.aspx'. If it runs correctly, you should now have a user in your database called episerver, with the password of episerver who is an admin. Use these details to log in ️‍πŸ”₯️‍πŸ”₯️‍πŸ”₯

Allow Anonymous Access To The Editor

If all of the above still doesn't work, you can always allow anonymous access to the editor and the admin. You can then create a user account and revert the change. In your web.config, update these two sections:

And this one:

The main change is swapping deny all users, to allow all users. This change should allow anonymous access to the Episerver edit and admin UI without the need for authentication. I've bumped into a few issues getting this works due to caching, so after applying the change you may need to restart visual studio, or, your machine for it to work. You may run into a This request has probably been tampered with error when you configure Episerver in this way. Close the browser and try again. Ignore it and carry on!

The Sneaky Way... HACK SQL!

In the unlikely event that none of the tips above work, and you have access to a normal content editor account but not an admin account, your last chance is to hack the admin password. If you have access to SQL it's also possible to reset an account's password. DO NOT TEST ON LIVE, without testing in QA, dev or staging first. You should never run a custom SQL write a query against the Episerver database. if you have no options, make sure you back everything up first. In this approach, go into SQL to the user table and find the user account you have valid details for. Copy the password and salt values and override the password and salt values on an admin account. If everything goes well, you'll be able to log into the admin account using the content editors password.

if it helps, you should be able to get a list of all users in your Episerver website using this SQL command:

Find the user you know the valid account details for and copy the password, salt, and password type. Next, find an account that has admin access and run this SQL snippet:

Changing User, password, password salt and password format to the details you got from above. After running this, both user account will have the same password. So you should now be able to log into EpiServer with an admin account. You should now have access to the Episerver editor, your welcome! Happy Coding 🀘