Massive import of users and passwords in table CMS.User

Monjoie Dominique asked on September 22, 2017 15:13


I have to import around 1500 users (I use Import Toolkit) in the table CMS.User (FirstName, LastName, UserName, Email and UserPassword) from an Excel sheet. My problem concerns the passwords : I created them by concatenating 4 columns in my Excel sheet, so they are all unique.

Import is OK but when I take a UserName and the associated Password, impossible to connect. I saw in the table CMS.User that passwords remain like they were written in the Excel file. When I rewrite the password manually in the field, it appears under a crypted format in the table and I can use it to connect.

I try to mention SHA2SALT in a column of my file to import but without result. Can I import all these passwords in plain text and change it after (to SHA2SALT) to crypt them ? Is there a good way to avoid rewriting all the passwords manually to allow users to connect ?


Correct Answer

Trevor Fayas answered on September 22, 2017 15:26

Kentico's API handles a lot of that, This is all you need to do to properly set a password and let Kentico handle the encrypting:

CMS.Membership.UserInfoProvider.SetPassword("Username", "ThePassword");

What i would recommend is make a new column in your excel, and then use the CONCATENATE function to build the above line. Say column "A" is the code, Column "B" is username, and column "C" is the password. In column A in excel, put:

=CONCATENATE("CMS.Membership.UserInfoProvider.SetPassword(""",B2,""", """,C2,""");")

Then just drag that down all the way, copy and paste and run it. Little trick i use a lot.

1 votesVote for this answer Unmark Correct answer

Recent Answers

Brenden Kehren answered on September 23, 2017 14:35

It's a good security practice if you're importing users into a new system to force them to change their password on first login. You don't want them to think you can read their password which would be unsecure. So what I do is something similar to what you're doing, make a password combo that is just ridiculous and unique for each user. Then the new process is for the user to use the "forgot password" feature to:

  1. Validate their email address
  2. Reset their password
  3. Force them to adhere to your new password guidelines
3 votesVote for this answer Mark as a Correct answer

   Please, sign in to be able to submit a new answer.