Yet another post about resetting the Admin password

In the WDP packages you download from dev.sitecore.net/Downloads.aspx, you can find sample scripts for creating users for each database. You will also find a sample script for configuring the admin password.

The script is named SetSitecoreAdminPassword.sql and it is located in the file Sitecore 10.1.0 rev. 005207 (OnPrem)_single.scwdp (Sitecore 10.1). It is optimized to support different hash algorithms.

declare @ApplicationName nvarchar(256) = 'sitecore'
declare @UserName nvarchar(256) = 'sitecore\admin'
declare @Password nvarchar(128) = 'PlaceHolderForPassword'
declare @HashAlgorithm nvarchar(10) = 'SHA1' -- HASHBYTES algorithm name; must correspond to the hash algorithm type set in web.config
declare @PasswordFormat int = 1 -- Hashed
declare @CurrentTimeUtc datetime = SYSUTCDATETIME()
declare @Salt varbinary(16) = 0x
declare @HashedPassword varbinary(20) -- 20 bytes holds a SHA1 digest; SHA2_256 produces 32 bytes and SHA2_512 produces 64
declare @EncodedHash nvarchar(128)
declare @EncodedSalt nvarchar(128)

-- Generate random salt
while len(@Salt) < 16
begin
    set @Salt = (@Salt + cast(cast(floor(rand() * 256) as tinyint) as binary(1)))
end

-- Hash password
set @HashedPassword = HASHBYTES(@HashAlgorithm, @Salt + cast(@Password as varbinary(128)));

-- Convert hash and salt to BASE64
select @EncodedHash = cast(N'' as xml).value(
                  'xs:base64Binary(xs:hexBinary(sql:column("bin")))'
                , 'varchar(max)'
            ) from (select @HashedPassword as [bin] ) T

select @EncodedSalt = cast(N'' as xml).value(
                  'xs:base64Binary(xs:hexBinary(sql:column("bin")))'
                , 'VARCHAR(MAX)'
            ) from (select @Salt as [bin] ) T 

execute [dbo].[aspnet_Membership_SetPassword] 
   @ApplicationName
  ,@UserName
  ,@EncodedHash
  ,@EncodedSalt
  ,@CurrentTimeUtc
  ,@PasswordFormat

For compliance reasons, some applications need to change the hash algorithm type in the web.config file, and this requires you to generate a different hashed password when resetting the admin account. This is why the script above is optimized for all scenarios.
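The following is an added example, not part of the Sitecore script or the original post. It reproduces the script's computation offline (Base64 of the hash over salt + UTF-16LE password) so you can check which @HashAlgorithm value and @HashedPassword width an algorithm needs and verify the values stored after a reset. The mapping from web.config algorithm names to HASHBYTES names, the function names and the sample salt are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

# Assumed mapping: web.config hashAlgorithmType -> (HASHBYTES name, hashlib name)
ALGORITHMS = {
    "SHA1": ("SHA1", "sha1"),
    "SHA256": ("SHA2_256", "sha256"),
    "SHA512": ("SHA2_512", "sha512"),
}

def script_settings(hash_algorithm_type):
    """Return (@HashAlgorithm value, bytes @HashedPassword must hold)."""
    sql_name, py_name = ALGORITHMS[hash_algorithm_type]
    return sql_name, hashlib.new(py_name).digest_size

def membership_hash(password, salt, hash_algorithm_type="SHA1"):
    """Compute (Password, PasswordSalt) the way the script does."""
    py_name = ALGORITHMS[hash_algorithm_type][1]
    # nvarchar is UTF-16LE, so cast(@Password as varbinary) yields these bytes
    digest = hashlib.new(py_name, salt + password.encode("utf-16-le")).digest()
    return base64.b64encode(digest).decode(), base64.b64encode(salt).decode()

def is_truncated(stored_hash_b64, hash_algorithm_type):
    """True if the stored hash is shorter than the algorithm's digest."""
    size = script_settings(hash_algorithm_type)[1]
    return len(base64.b64decode(stored_hash_b64)) < size

def matches_stored(password, stored_hash_b64, stored_salt_b64, hash_algorithm_type):
    """Check a password against stored Password/PasswordSalt values."""
    salt = base64.b64decode(stored_salt_b64)
    expected, _ = membership_hash(password, salt, hash_algorithm_type)
    return hmac.compare_digest(expected, stored_hash_b64)

if __name__ == "__main__":
    salt = bytes(range(16))  # constructed sample salt, not a real value
    for name in ALGORITHMS:
        stored_hash, stored_salt = membership_hash("PlaceHolderForPassword", salt, name)
        print(name, script_settings(name), stored_hash, stored_salt)
```

A hash for which is_truncated returns True is what results when the algorithm is switched to SHA2_256 or SHA2_512 while @HashedPassword stays at varbinary(20); such a value will never match at login.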
