Tuesday, April 22, 2014

Sitecore Admin User Password Reset

Some times the admin password for Sitecore instance is lost or the user admin account is locked.
One way to reset the admin password is by executing SQL scripts.

Another easy way is by placing below C# code in an aspx page and browsing it using the sitecore instance domain:

string resetPassword = String.Empty;
string userName = string.Empty;
string newPassword = "newPassword";
bool status = false;
bool isLocked = false;

using (new Sitecore.SecurityModel.SecurityDisabler())
 userName = @"sitecore\admin";
 MembershipUser user = Membership.GetUser(userName, true);
 if (user != null)
  resetPassword = user.ResetPassword();
                status = user.ChangePassword(resetPassword, newPassword);
                isLocked = user.IsLockedOut;
                if (isLocked)

Response.Write(String.Format("Password updated {0} for user - {1}", (status ? "successfully" : "failed"), userName));

This code can be placed in an aspx file kept inside \Website\sitecore\admin\ location.
Once the aspx page is created with the above snippet, browsing that aspx page will reset the admin password to the desired password given in variable newPassword.

Sample aspx page can be found in GitHub.

Sunday, April 20, 2014

Reasons for Sitecore IIS App Pool Crash

In past few months, there were two separate instance where IIS application pool of Sitecore website was crashing intermittently. In both of these cases, stack overflow resulted in IIS application pool crash. This article lists some of the reasons for stack overflow scenarios in Sitecore:

1. Infinite control load using Presentation Inversion of Control:

The websites which were built on Sitecore instance uses Presentation Inversion of Control. In simple terms, there were some custom Sitecore sublayouts built which renders the controls added to its DataSource item.

In one of the website's home page (startItem), the content author added one such control. The data source item for that control also had the same control, mistakenly, added as part of it presentation details. Whenever a request was made for the home page, the controls were loaded infinitely which led to application pool crash.

2. Sitecore Custom Security Providers:

Whenever an item is requested, sitecore checks if the user has access rights to the item or not. To get the user details for access rights, Sitecore checks with the security providers which are configured in web.config file. In one such custom security provider, to get user details, a sitecore item was being accessed. Since this custom security provider was trying to access sitecore item, Sitecore again checks for user access and invokes GetUser() for security providers. This resulted in an infinite recursive loop and led to application pool crash. So, if you are creating any custom security providers in Sitecore, ensure that those security providers in turn do not access any sitecore item.