Security Exception (Index Site Content)

November Happy Hour will be moved to Thursday December 5th.

AI OnAI Off

Home / Forums / Developers (Main Products) Forum / CMS 7.5 - 11 /

Security Exception (Index Site Content)

Mathias Ottosson

Vote:

While trying to access the "Index Site Content" - /EPiServer/EPiServer.Search.Cms/IndexContent.aspx (in cms 11)
Im met with a Security Exception :

Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.

Exception Details: System.Security.SecurityException: Request for principal permission failed.

[SecurityException: Request for principal permission failed.]
   System.Security.Permissions.PrincipalPermission.ThrowSecurityException() +257
   System.Security.Permissions.PrincipalPermission.Demand() +496
   System.Security.PermissionSet.DemandNonCAS() +146
   EPiServer.UI.Admin.IndexContent..ctor() +35
   ASP.episerver_episerver_search_cms_indexcontent_aspx..ctor() +58
   __ASP.FastObjectFactory_app_web_gmuadrnl.Create_ASP_episerver_episerver_search_cms_indexcontent_aspx() +63
   System.Web.Compilation.BuildManager.CreateInstanceFromVirtualPath(VirtualPath virtualPath, Type requiredBaseType, HttpContext context, Boolean allowCrossApp) +132
   System.Web.UI.PageHandlerFactory.GetHandlerHelper(HttpContext context, String requestType, VirtualPath virtualPath, String physicalPath) +44
   System.Web.MaterializeHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +377
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +134

The problem is that it works fine on my local machine, and this only happens on the production enviroment. I cant seem to figure out whats wrong. Accessing other tools such as export, import
Manage Content, Change log etc all works. I noticed this issue when it seemed like the search had stopped working after the update from cms 10 -> 11.

#189002

Edited, Mar 08, 2018 13:07

Mathias Ottosson

Vote:

I forgot to mention that i have already tried to add : <trust level="Full" /> to the web.config.

#189003

Mar 08, 2018 13:09

Erik Norberg

Vote:

Could this be relevant?

https://world.episerver.com/documentation/Release-Notes/ReleaseNote/?releaseNoteId=CMS-8106

#189006

Mar 08, 2018 13:50

Mathias Ottosson

Vote:

I just read through that post and i cant seem to find anything that would point me to what the cause of this could be. Like i said, it only happends on the production environment, i have 0 issues when accessing it on a local machine (dev environment). Did i miss anything or what were you thinking of exactly :) ?

#189007

Mar 08, 2018 13:55

Erik Norberg

Vote:

I was thinking if your production web.config has been updated with the changes:

Configuration sections EPiServerFrameworkSection, StaticFileSection, EPiServerDataStoreSection and SearchSection have been moved to assembly EPiServer.Framework.AspNet

That is my first thought is if it can even find the configuration at all. :)

#189008

Mar 08, 2018 14:02

Mathias Ottosson

Vote:

I doubt that is the issue, since we copied the local config and just made changes to connection strings etc to reflect the production db and url. After a quick compare it seems they are as identical as they can get, so i assume the issue lies elsewhere :(

#189009

Mar 08, 2018 14:08

Erik Norberg

Vote:

Ah, i think i misunderstood the OP.

You aren't having a security issue with the actual search, but rather with accessing the admin page for triggering a full index?

I haven't made the transition to 11 yet.

If you haven't done it yet i would suggest you go through the function permissions to see if they added anything there:

CMS->Admin->Config->Security->Permissions for Functions

That is something that wouldn't have been migrated with the config file.

#189011

Mar 08, 2018 14:21

Mathias Ottosson

Vote:

Exactly, im trying to access the page that allows me to call a full reindex.

Humm i checked it out but does not seem to have anything to do with it, since we never even bothered to edit anything there in previous versions. Hopefully you have less trouble with ur update :)

#189013

Edited, Mar 08, 2018 14:35

Erik Norberg

Vote:

I won't notice if i get the same issue as you have anyway, we have a custom job to do a full index that includes commerce content. :D

#189016

Mar 08, 2018 14:44

Eric Petersson

Vote:

I am also experiencing this but also on my local development environement.

Have tried to replace the machine.config and web.config with full trust for the Episerver local site but doesn't seem to be working...

#192024

May 03, 2018 16:24

Eric Petersson

Vote:

I am also experiencing this but also on my local development environement.

Have tried to replace the machine.config and web.config with full trust for the Episerver local site but doesn't seem to be working...

#192025

May 03, 2018 16:24

Vote:

A couple of things to try out:

1. Turn of firewall to see if it fixes the issue.

2. Compare the application pool settings between local and production.

3. Make sure you have the following in your web.config

<authentication mode="None" />

#192041

May 04, 2018 0:05

Johan Björnfot

Vote:

One difference is that IndexContent.aspx is delivered from disk through a VPP (from folder /modules/_protected/EPiServer.Search.CMS) while the other pages in admin mode you mention are delivered from a ZIP package (from folder /modules/_protected/CMS/CMS.zip) .Not that I know that it can be a problem,but it is a difference at least...

Can you check that the account running the web process has access rights (file access on disk) for the file IndexContent.aspx (compared to e.g. web.config)?

#192066

May 04, 2018 15:55

Eric Petersson

Vote:

In our case it turned out that we needed to set the virtual roles mapped to our specific admin group roles for our site implementation.

Since Epi was checking for the principalrole of Administrators.

#192067

May 04, 2018 16:03

Jonas Lindau

Vote:

Eric, can you tell me exactly how you did this? I also tries to get this working by setting the virtual role without success...

/Jonas

#200876

Jan 30, 2019 8:03

William Hemmingsson

Vote:

Jonas, we had the same problem. I read through this thread and found that changing how the Administrators role work solved the problem. Since we are using Azure AD authentication (and no multiplexing) the Windows role Administrators in not really used anymore. But, it seems that the IndexContent.aspx page requires the user to be in this group.

I removed the follwoing row in web.config (under virtualRoles/providers)

<add name="Administrators" type="EPiServer.Security.WindowsAdministratorsRole, EPiServer.Framework" />

And added this row instead

<add name="Administrators" type="EPiServer.Security.MappedRole, EPiServer.Framework" roles="WebAdmins, GrpAppAdmOffice365E1" mode="Any" />

where "GrpAppAdmOffice365E1" is the admin role provided by Azure AD and WebAdmins is the standard EPiServer role.

Note that we now no longer can login as an adminsitrator using Windows Authentication, but since we are only using Azure AD its not an issue for us.

#202103

Edited, Mar 14, 2019 11:10

Please login to post a reply