May 14, 2007

Creating a Standard DotNetNuke User Via SQL

Due to popular demand from my "Creating a Host Account Via SQL" article, this article is an extension of that article to show you how to create a regular portal user based on the password for an existing user account.  The first portions of this process are very similar to that of the host account creation, however there are a few additional steps.

Requirements

For these instructions to work properly you MUST know the password of at least one user account in your portal. This can be any user account as long as it is for the same application! Also you should be running DotNetNuke 4.4.1 or later as these instructions have NOT been tested on any previous versions.

Disclaimer

I am providing this example as exactly that an example. Anytime you directly modify the database you are introducing a level of risk. Please take the appropriate safety precautions and backup your database before proceeding, I can not be liable for any data loss that may occur from you performing these steps.

Obtain Needed Information

The first step of the process to creating a new user account via the database is to obtain some needed information. We need the "Application Name" for your DotNetNuke installation, typically this is simply "dotnetnuke", it is set in your web config under the membership element.  We also need the "password", "passwordSalt" and "PasswordFormat" values from the aspnet membership table for a working user account with a known password.  Below is a query to obtain this information.  NOTE: replace the text TestUser with the username of your known working user account.

SELECT m.password, m.passwordsalt, m.passwordformat
FROM aspnet_users u
    
INNER JOIN aspnet_membership m
        
ON (u.userid m.userid)
WHERE u.UserName 'TestUser'

The final piece of information that we need is the id of your portal, this can be obtained from the "Portals" table, below is a query that will give you the portal name and portalId of each portal in your DNN installation.

SELECT PortalId,
     PortalName
FROM Portals

Execute Scripts to Create Account

Now we simply combine our desired new information and the existing information that we obtained to create the user account. Below is a listing of the SQL Code that I used to create the account in my portal. You will need to substitute your own values for the various properties. Also, I am using the long format to accomplish this goal by declaring each of the variables prior to calling the stored procedure, this is simply done to make the code easier to read.  You will also want to change the hard coded values for FirstName, LastName, and DisplayName.  I did not declare variables for those to reduce the length of the sample code.

DECLARE @ApplicationName nvarchar(256)
SET @ApplicationName 'DotNetNuke'
DECLARE @UserName nvarchar(256
SET @UserName 'NewUser' --The new user
DECLARE @Password nvarchar(128)
--From the existing user
SET @Password 'LLSXX8xW6+0EbrV4JBzL/YenA1D6BBfRnkYY7FtQvNGmmPOhVdPiAA=='
DECLARE @PasswordSalt nvarchar(128)
--From the existing user
SET @PasswordSalt 'P40ky5tExsx37nUIFnCWZQ=='
DECLARE @Email nvarchar(256)
SET @Email 'TestingAccount@test.com' --You can set this to whatever you want
DECLARE @PasswordQuestion nvarchar(256)
SET @PasswordQuestion ''
DECLARE @PasswordAnswer nvarchar(128)
SET @PasswordAnswer ''
DECLARE @IsApproved bit
SET 
@IsApproved 1
DECLARE @CurrentTimeUtc datetime 
SET 
@CurrentTimeUtc = GETDATE()
DECLARE @CreateDate datetime
SET 
@CreateDate @CurrentTimeUtc
DECLARE @UniqueEmail int
SET 
@UniqueEmail 0
DECLARE @PasswordFormat int
SET 
@PasswordFormat --NOTE: Value from existing user!
DECLARE @PortalId int
SET 
@PortalId 0    --The id of your portal
Declare @UserId uniqueidentifier
DECLARE 
@DNNUserId int

--Make the stored procedure call
EXEC dbo.aspnet_Membership_CreateUser @ApplicationName, @Username, @Password,
                @PasswordSalt, @email, @passwordquestion, @PasswordAnswer, 
                @IsApproved, @CurrentTimeUtc, @CreateDate, @UniqueEmail,
                @PasswordFormat, @UserId

--Insert the record into the DotNetNuke users table
INSERT INTO users (Username, FirstName, LastName, IsSuperUser, Email,
                    DisplayName, UpdatePassword)
    
VALUES(@Username, 'My''NewAccount'0, @Email, 'New Account'0)

--Get the new userid, from the DNN users table
SELECT @dnnuserid userid
FROM Users
WHERE username @Username

--Now, insert the record into the user portals table
INSERT INTO UserPortals (userId, PortalId, CreatedDate)
    
VALUES(@dnnuserid, @PortalId, GETDATE()) 

--Now Give the user permissions to the RECISTERED Users group
INSERT INTO UserRoles (userId, roleId)
SELECT @dnnuserid,
        roleId
FROM Roles
WHERE RoleName 'Registered Users'

The script should execute successfully with simple messages regarding record counts, no error messages should be displayed. To explain a bit more what the above script does.  First the "Declare" and "Set" statements simply build parameters for use later.  We then create the ASP.NET membership records for our new user.  We then create our DotNetNuke user record to ensure that DNN is aware of the user.  Then we obtain the id of the added user and then create a UserPortals record to grant the user access to the specified portal.

Logging In!

You should now be able to navigate to your DNN site and login with the new user account and the password from the account you copied. Upon login you should have full host permissions!

If you have any questions or comments regarding this please let me know! This is considered a last resort, however, it is something that can be used in times of need.

tags: DNN, Tutorials, SQL
comments powered by Disqus

Content provided in this blog is provided "AS-IS" and the information should be used at your own discretion.  The thoughts and opinions expressed are the personal thoughts of Mitchel Sellers and do not reflect the opinions of his employer.

Content Copyright

Content in this blog is copyright protected.  Re-publishing on other websites is allowed as long as proper credit and backlink to the article is provided.  Any other re-publishing or distribution of this content is prohibited without written permission from Mitchel Sellers.