I was recently configuring multiple environments for a client and one of the things that I *always* do is remove the "admin" user and replace it with another account that has administrator privileges. You should *always* change the default password for the admin account, but you might as well take it an additional step and change the administrator account name as well. You don't want to be the one to have to answer to a client or your senior management as to why the default username and password were left in production. Even better, follow the security hardening guide when your site goes live.
The process I was taking was:
- Log into Sitecore using the "admin" account
- Create a new administrator account
- Log out
- Log back in using the 'new' admin account
- Delete the old "admin" account
5924 10:19:59 ERROR Application error. Exception: System.Web.HttpUnhandledException Message: Exception of type 'System.Web.HttpUnhandledException' was thrown. Source: System.Web at System.Web.UI.Page.HandleError(Exception e) at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) at System.Web.UI.Page.ProcessRequest() at System.Web.UI.Page.ProcessRequest(HttpContext context) at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) Nested Exception Exception: System.InvalidOperationException Message: membership user Source: Sitecore.Kernel at Sitecore.Web.Authentication.TicketManager.Relogin(String ticketId, Boolean redirect) at Sitecore.DefaultPage.Page_Load(Object sender, EventArgs e) at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
It took a bit of looking around to figure out what I did: I deleted the "admin" account when I was still logged-in using that account. Oops. Since I never logged-out, Sitecore was trying to use my authentication cookie and put me straight back into the Sitecore UI, but since I deleted the user, it threw the above error message instead and would not let me log in.
To convince Sitecore to allow me log in as another user, I cleared my cache and all was good in my Sitecore world again.
0 comments:
Post a Comment