May 20, 2013

System.InvalidOperationException after deleting Sitecore administrator account

By: Craig Taylor
May 20, 2013

I was recently configuring multiple environments for a client and one of the things that I *always* do is remove the "admin" user and replace it with another account that has administrator privileges.  You should *always* change the default password for the admin account, but you might as well take it an additional step and change the administrator account name as well.  You don't want to be the one to have to answer to a client or your senior management as to why the default username and password were left in production.  Even better, follow the security hardening guide when your site goes live.

The process I was taking was:

  1. Log into Sitecore using the "admin" account
  2. Create a new administrator account
  3. Log out
  4. Log back in using the 'new' admin account
  5. Delete the old "admin" account
I was bouncing between eight difference Sitecore instances and was essentially moving in 'auto-pilot' mode where I had already thought through what I was trying to accomplish and was quickly progressing through the tasks in the multiple environments.

During the course of removing the user on one of the instances, I ran into the following server error:

5924 10:19:59 ERROR Application error.

Exception: System.Web.HttpUnhandledException

Message: Exception of type 'System.Web.HttpUnhandledException' was thrown.

Source: System.Web

   at System.Web.UI.Page.HandleError(Exception e)

   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

   at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

   at System.Web.UI.Page.ProcessRequest()

   at System.Web.UI.Page.ProcessRequest(HttpContext context)

   at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()

   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

Nested Exception

Exception: System.InvalidOperationException

Message: membership user

Source: Sitecore.Kernel

   at Sitecore.Web.Authentication.TicketManager.Relogin(String ticketId, Boolean redirect)

   at Sitecore.DefaultPage.Page_Load(Object sender, EventArgs e)

   at System.Web.UI.Control.LoadRecursive()

   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

It took a bit of looking around to figure out what I did: I deleted the "admin" account when I was still logged-in using that account.  Oops.  Since I never logged-out, Sitecore was trying to use my authentication cookie and put me straight back into the Sitecore UI, but since I deleted the user, it threw the above error message instead and would not let me log in.

To convince Sitecore to allow me log in as another user, I cleared my cache and all was good in my Sitecore world again.


Post a Comment