Vulnerability in EPiServer.Forms
I have followed the 3 step instructions in this site how to activate basic authentication in the webservices folder. It all seems to work fine. I m getting the basic windows loginprompt. But cant get access! I have tried with both a special service account and administrator accounts. If I first login to EPiadmin I get access to the webservices.
If I set allowed roles to "everyone" I get in without any promt at all (surpriced?). I have tried all combinations of servername\user servername\group just group and username in he allowed roles listing. Same result. No access. It seems to be something in the "basic" module that doesn't manage to resolve role/user membership. (i have used FF to ensure no challengeresponse interference)
Windows 2003, EPI CSM 5 R2, Multiplexing role and membership provider, Basic authentication module activated, Server is running standalone (No domain). Authenticationmode "forms". Accounts marked as allowed to access webservices in the AdminConfig. Acconts are members in the local administrators group.
Any one got this working? With R2? The goal is to mirror chosen branches from an intranet to a extranet.
Janne, preparing a week of skiing in Swedish alps.