Vulnerability in EPiServer.Forms
I've successfully installed the overlook demo site and I've encountered three issues already.
1. When I create a user, the member groups are not populated even though there are existing groups.
2. Though the login looks cool, I receive a "Server is not available, please try again later or contact to administrator of the web." error message. So I just use the Util/login.aspx instead.
3. When I login using the Util/login.aspx, it goes to ~/default.aspx and I receive a Server Error "THe resource cannot be found" because the default.aspx page actually doesn't exist. Workaround would be to just access to root url.
The demo sites looks really great but having several issues encountered already feels a bit of a turn off. We were planning to use this template first for our company website and eventually for other sites as well.
Does someone know how to resolve these issues (most especially item #1)? Thanks in advance.
I was able to resolve item#1 by specifying the membership and rolemanager defaultProvider from Multiplexing to EPiServerCommon.
I can resolve item #3. But item #2, I still have to check the code.
Item #3 was caused by this error:
This collection already contains an address with scheme http. There can be at most one address per scheme in this collection. Parameter name: item. ---> System.ArgumentException: This collection already contains an address with scheme http. There can be at most one address per scheme in this collection.
Removing all but one binding will resolve the issue. But for multiple bindings, it's another story. Haven't yet made it work.
Doing this will also resolve item #3.
another workaround is to add something like the following in your web.config:
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true"> <baseAddressPrefixFilters> <add prefix="net.tcp://www.yourdomain.com.au/" /> <add prefix="http://www.yourdomain.com.au/" /> </baseAddressPrefixFilters> </serviceHostingEnvironment>