Vulnerability in EPiServer.Forms

Try our conversational search powered by Generative AI!

Problems accessing EPi webservices with site in "forms auth." mode.



I have followed the 3 step instructions in this site how to activate basic authentication in the webservices folder. It all seems to work fine. I m getting the basic windows loginprompt. But cant get access! I have tried with both a special service account and administrator accounts. If I first login to EPiadmin I get access to the webservices.

If I set allowed roles to "everyone" I get in without any promt at all (surpriced?Tongue out). I have tried all combinations of servername\user servername\group just group and username in he allowed roles listing. Same result. No access. It seems to be something in the "basic" module that doesn't manage to resolve role/user membership. (i have used FF to ensure no challengeresponse interference)

The setup:

Windows 2003, EPI CSM 5 R2, Multiplexing role and membership provider, Basic authentication module activated, Server is running standalone (No domain). Authenticationmode "forms". Accounts marked as allowed to access webservices in the AdminConfig. Acconts are members in the local administrators group.

Any one got this working? With R2? The goal is to mirror chosen branches from an intranet to a extranet.

Janne, preparing a week of skiing in Swedish alps.

Feb 20, 2009 9:17
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.