Set Access Rights - groups not showing up

Vote:
 

Has anyone experienced the following or would know how to fix it:

Under Admin > Access Rights > Administer Groups I created a new group, and added some users to it.

Under Admin > Access Rights > Set Access Rights I click on a page in the tree and wish to edit the rights for this section. I untick "Inherit settings from parent item" and then click on "Add Users/Groups" button.

In the form that pops up under Type I select Groups. I leave the Name field empty and click on Search. I am presented with some groups but the one I have created does not appear in the list.

Any idea what's going on and how to get my group to show up?

#261797
Sep 07, 2021 10:21
Vote:
 

What provider does it say the group has been created with when you look in Adminster groups?

Are you using ASP.NET Identity (The OOTB standard) for CMS access?

I checked and this is working in the Alloy Demo

#261800
Edited, Sep 07, 2021 11:38
Vote:
 

Hi Scott, thanks for your helpful input as usual. Under provider it says: EPi_AspNetIdentityRoleProvider (in fact this provider is under all existing groups on our site as far as i can see) is this the OOTB?

#261803
Edited, Sep 07, 2021 12:57
Vote:
 

Can you check everything for asp.net identity is configured as per https://world.optimizely.com/documentation/developer-guides/CMS/security/episerver-aspnetidentity/ 

You should have code for it in your startup.cs file and the areas for auth and members removed. Such as

   <authentication mode="None">
      <forms name=".EPiServerLogin" loginUrl="Util/login.aspx" timeout="120" defaultUrl="~/" />
    </authentication>
    <profile defaultProvider="DefaultProfileProvider">
      <properties>
        <add name="Address" type="System.String" />
        <add name="ZipCode" type="System.String" />
        <add name="Locality" type="System.String" />
        <add name="Email" type="System.String" />
        <add name="FirstName" type="System.String" />
        <add name="LastName" type="System.String" />
        <add name="Language" type="System.String" />
        <add name="Country" type="System.String" />
        <add name="Company" type="System.String" />
        <add name="Title" type="System.String" />
        <add name="CustomExplorerTreePanel" type="System.String" />
        <add name="FileManagerFavourites" type="System.Collections.Generic.List`1[System.String]" />
        <add name="EditTreeSettings" type="EPiServer.Personalization.GuiSettings, EPiServer.Cms.AspNet" />
        <add name="ClientToolsActivationKey" type="System.String" />
        <add name="FrameworkName" type="System.String" />
      </properties>
      <providers>
        <add name="DefaultProfileProvider" type="System.Web.Providers.DefaultProfileProvider, System.Web.Providers, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="EPiServerDB" applicationName="/" />
      </providers>
    </profile>
    <membership>
      <providers>
        <clear />
      </providers>
    </membership>
    <roleManager>
      <providers>
        <clear />
      </providers>
    </roleManager>
#261805
Sep 07, 2021 14:07
Vote:
 

Interestingly, my startup.cs looks completely different with many sections commented out: [removed]

#261986
Edited, Sep 09, 2021 10:57
Vote:
 

Scott did I understand you correctly, is the configuration blocked you shared, supposed to be in my Startup.cs or elsewhere? I still can't get this group assignment to work unfortunately and pretty desperate here.

#262160
Sep 13, 2021 11:41
Vote:
 

I don't see anything wrong with your Startup.cs code. What Scott was showing is some of what's needed in Web.config to support ASP.NET Identity, such as setting the mode in <authentication> to "None", and making sure the <membership> and <roleManager> is cleared out.

What groups do you see in the pop up? Are they just the virtual roles?

#263054
Sep 14, 2021 3:32
Vote:
 

I'm seeing the following groups only:

  • Administrators
  • Everyone
  • Authenticated
  • Anonymous
  • CmsAdmins
  • CmsEditors
  • Creator
  • PackagingAdmins
  • Visitors
  • GoogleAnalyticsAdministrators
  • GoogleAnalyticsReaders

Interestingly enough, when I edit the users, I can see under "Not member of" a list of all the groups including the new ones I have created and can add the user to these groups. 

#263064
Edited, Sep 14, 2021 7:19
Vote:
 

I you able to share your web.config (removing any sensitive areas).

Also can you check your solution for any references to ISynchronizedUsersRepository as this is the system that syncs users/roles and also returns results when looking in roles.

#263092
Sep 14, 2021 13:52
Vote:
 

I have gone ahead and removed and renamed sensitive areas. Here is the web.config, do you see anything that could be the culprit? [removed]

#263149
Edited, Sep 15, 2021 8:12
Vote:
 

Can you remove

    <securityEntity>
      <providers>
        <add name="SynchronizingProvider" type="EPiServer.Security.SynchronizingRolesSecurityEntityProvider, EPiServer" />
      </providers>
    </securityEntity>

And try again

#263150
Sep 15, 2021 8:16
Vote:
 

Wow bingo! I can now see all the groups that have been created and can assign them. Thanks so much Scott! Is this something I can safely remove from our production server? Any drawbacks to having it removed?

#263151
Sep 15, 2021 8:29
Scott Reed - Sep 15, 2021 8:44
Yes you can, there's multiple providers available to use in the platform as as you're using asp.net identity you want to be using AspNetIdentitySecurityEntityProvider. The one in the web.config was forcing it to the older provider so by removing it you've let it fall back to the one it wants to use with identity configured. So yes, should be safe to remove if your using identity.
EpiNewbie - Sep 15, 2021 8:46
Thank you so much for your help Scott! Really appreciated!
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.