DNN Forums

Ask questions about your website to get help learning DNN and help resolve issues.
Prev
Next

Inporting users from a DNN 7 into a DNN 9 with passwords

Forums > Upgrading DNN Platform
Sort:
You are not authorized to post a reply.





Alexandru Ionescu

New Around Here



Posts:13
New Around Here




1/17/2021 2:19 PM

    Hello friends,

    I have to import the users from a DNN 7 organization into a new DNN 9.8.0  organization with passwords, too.

    I have performed the task using SQL batches, inserting data into [dbo].[Users], [dbo].[UserRoles],[dbo].[UserPortals],[dbo].[UserProfile],[dbo].[aspnet_Users],[dbo].[aspnet_Membership].

    All good except that the users cannot login into the site using their passwords.

    The passwords are hashed so , i am afraid that is not enough to do the copy/paste ( select/insert) :).

    Is there a way to migrate the old passwords in order to not force the all users to change their passwords?

    Thank you,

     

     






    Justin C

    Growing Member



    Posts:53
    Growing Member




    1/17/2021 2:26 PM
      If the passwords are hashed (which began by default I believe in 7.2 and above) then you will not be able to migrate them.





      Alexandru Ionescu

      New Around Here



      Posts:13
      New Around Here




      1/18/2021 3:03 AM
        Are the passwords lost when an upgrade in place is done? If not, why we cannot import them too from one implementation to another ?





        Michael Tobisch

        Veteran Member



        Posts:1124
        Veteran Member




        1/18/2021 4:40 AM
          If you upgrade in place, the passwords stay the same.

          Happy DNNing!
          Michael

          Michael Tobisch
          DNN★MVP

          dnnWerk Austria
          DNN Connect





          Alexandru Ionescu

          New Around Here



          Posts:13
          New Around Here




          1/18/2021 8:22 AM

            Thank you Michael for your answer.

            Can you explain to me, please, why the same passwords (I am taking about the hashes that I have copied by select/insert) does not work on the new implementation (9.8.0)? Isn't the same mechanism of authentication ? Isn't the same mechanism of encription ? 






            Joe Craig

            Veteran Member



            Posts:1236
            Veteran Member




            1/18/2021 11:02 AM
              You should be able to use https://github.com/fordnn/usersexportimport to export users from your DNN7 installation import them into a DNN9 installation.

              You can export passwords from DNN7 and then import them into DNN9.

              What you can't do is export passwords from DNN 9. They are encrypted and cannot be recovered. This is a security feature in DNN 9.
              Joe Craig
              DNN MVP
              Patapsco Research Group





              AllanE

              New Around Here



              Posts:16
              New Around Here




              1/19/2021 1:37 AM
                Try copying the machine key from web.config to the new install. That would work with encrypted passwords. I not sure with hashed passwords but it's worth a shot and easy to test.





                Alexandru Ionescu

                New Around Here



                Posts:13
                New Around Here




                1/19/2021 7:36 AM

                  Even if they are not saved in clear in database ?

                  The passwords are hashed in our DNN 7.

                  Thank you,

                   






                  AllanE

                  New Around Here



                  Posts:16
                  New Around Here




                  1/19/2021 7:40 AM
                    As far as I know the DNN membership provider is using the machine key when encrypting the passwords. If the machine key changes (i.e. your import into another DNN instance) it becomes impossible to decrypt. I would think that it's the same with hashed passwords.





                    Alexandru Ionescu

                    New Around Here



                    Posts:13
                    New Around Here




                    1/20/2021 2:53 AM
                      Thank you all,
                      The solution was to copy the machine key in web.config.
                      The passwords are encrypted , only encryption is using the machine key. I don't thing that hashing use a key.
                      You are not authorized to post a reply.

                      These Forums are dedicated to the discussion of DNN Platform.

                      For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

                      1. If you have (suspected) security issues, please DO NOT post them in the forums but instead follow the official DNN security policy
                      2. No Advertising. This includes the promotion of commercial and non-commercial products or services which are not directly related to DNN.
                      3. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
                      4. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
                      5. No Flaming or Trolling.
                      6. No Profanity, Racism, or Prejudice.
                      7. Site Moderators have the final word on approving / removing a thread or post or comment.
                      8. English language posting only, please.

                      Would you like to help us?

                      Awesome! Simply post in the forums using the link below and we'll get you started.

                      Get Involved