November Happy Hour will be moved to Thursday December 5th.

Mirroring web authentication

Vote:
 

Hi

I have tried to configure the mirroring of content from a staging server to a production server as described here : http://world.episerver.com/Documentation/Items/Tech-Notes/EPiServer-CMS-5/EPiServer-CMS-5-R2-SP2/Mirroring---Configuration-and-Operation/#Prerequisites

After I have set up the destination site with a user and allowed then web service access and the source site with the remote web site and try to use the ping comment in admin mode I am getting the error "The user does not have the 'Permission.WebServiceAccess' access right to access web services on the remote site, for user". So it seems to communicate with the destination site but doesnt see that the user is allowed to access the web services.

All my users are through the SQL provider. The notes make mention that you need to have a windows based account to authenticate and to create an SQL user with the same name as the Windows user. I have tried this but to no avail. And it sounds a bit messy. We are using forms authentication.

I found a previous post on this topic but it has no real closure. Obviously this has been done many times so does anyone have any quick clues as to why we would be receiving this error - especially considering we have added the destination user to the list of users allowed to use web services.

 

Thanks in advance

 

Ted

#43092
Sep 13, 2010 18:44
Vote:
 

Do you have Basic authentication (and nothing else) in the IIS security on the folder for web services?

#43093
Sep 13, 2010 21:44
Vote:
 

Fredrik

Yes, only basic authentication. It would seem the user has been authenticated but just that it feels they dont have the appropriate permissions for webservices. I thought this was what the admin function for assigning users to web servie access was for. Is there anything I should be looking for in the web config specifically?

 

Ted

#43098
Sep 14, 2010 9:20
Vote:
 

Fredrik

Yes, only basic authentication. It would seem the user has been authenticated but just that it feels they dont have the appropriate permissions for webservices. I thought this was what the admin function for assigning users to web servie access was for. Is there anything I should be looking for in the web config specifically?

 

Ted

#43099
Sep 14, 2010 9:21
Vote:
 

Dont remember everything exactly but one thing that came across my mind is web.config location "allow roles", that your user is member of a group specified here? And that the user is in that group on that local machine, at least  in my case (sql user and forms auth)  I needed to do that... I have same pwd in EPi and on local machine... maybe it si worth a try again

maybe you can tell everything that you have actually done in a list, so it is easier to see what's possible missing

#43114
Sep 14, 2010 13:49
Vote:
 

Fredrik

 

On the destination (production) site:

I have an exisiting SQL based user called webadmin with a password.

This iser is a member of Administrators, Webadmins and webeditors groups

I also have this user as an administrator on the local machine - same credentials.

I have added this user via the admin->security->permissions for functions panel to the list of users allowing to act as a web service user.

I have ensured that the authentication mode if forms. Its URL is the standard login.aspx as below

    <authentication mode="Forms">
      <forms name=".EPiServerLogin" loginUrl="Util/login.aspx" timeout="120" />
    </authentication>

<authentication mode="Forms">

   <forms name=".EPiServerLogin" loginUrl="Util/login.aspx" timeout="120" />

</authentication>

I also have the BasicAuthentication added into httpmodules as below

<add name="BasicAuthentication" type="EPiServer.Security.BasicAuthentication, EPiServer" />

I have snsured that anonymous access to the webservices folder is disabled

In the localtion path for the webservices directory I have added the role "administrators" in.

On the source (staging) site:

I have added a remote site with the URL of the destination site.

I have specified the same SQL webadmin account and password.

I have left all other fields blank.

 

Again, when I try to ping the destination site I get the error described.

 

#43115
Sep 14, 2010 16:00
Vote:
 

Ok it seems like you have done it all...

Time to try locate the exact problem

To test the access, what happens if you on the source server (logged in with remote desktop), just take the destination URL and try to browse that web service .asmx (dont remember which one it is) directly? loginpage/dialog?

and if you look in the Event viewer, you see any detailed error about this (or the other ones) attempt?

#43116
Sep 14, 2010 20:08
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.