November Happy Hour will be moved to Thursday December 5th.

AI OnAI Off

No policy found: Administrators

Patrick Stysiak
Patrick Stysiak
Vote:
 

We are in the process of migrating a CMS 11 / Commerce website over to CMS 12 and Commerce 14. After logging into the CMS user interface we get a 500 error from this request:

/EPiServer/Shell/epiplatformnavigation?product=global_cms&parentProduct=

No menus load in the cms as a result. Error stacktrace is as follows:

System.InvalidOperationException: No policy found: Administrators.
   at Microsoft.AspNetCore.Authorization.DefaultAuthorizationService.AuthorizeAsync(ClaimsPrincipal user, Object resource, String policyName)
   at EPiServer.Shell.Web.Internal.NavigationService.IsAvailableAsync(MenuNode node)
   at EPiServer.Shell.Web.Internal.NavigationService.GetProductMenuItemsAsync(String productId)+MoveNext()
   at EPiServer.Shell.Web.Internal.NavigationService.GetProductMenuItemsAsync(String productId)+System.Threading.Tasks.Sources.IValueTaskSource<System.Boolean>.GetResult()
   at System.Linq.AsyncEnumerable.<ToListAsync>g__Core|424_0[TSource](IAsyncEnumerable`1 source, CancellationToken cancellationToken) in /_/Ix.NET/Source/System.Linq.Async/System/Linq/Operators/ToList.cs:line 36
   at System.Linq.AsyncEnumerable.<ToListAsync>g__Core|424_0[TSource](IAsyncEnumerable`1 source, CancellationToken cancellationToken) in /_/Ix.NET/Source/System.Linq.Async/System/Linq/Operators/ToList.cs:line 36
   at EPiServer.Shell.UI.Controllers.Internal.EPiPlatformNavigationController.Get(String product, String parentProduct)
   at lambda_method1120(Closure , Object )
   at Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor.TaskOfActionResultExecutor.Execute(IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeActionMethodAsync>g__Logged|12_1(ControllerActionInvoker invoker)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeNextActionFilterAsync>g__Awaited|10_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Rethrow(ActionExecutedContextSealed context)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.InvokeInnerFilterAsync()
--- End of stack trace from previous location ---
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeNextResourceFilter>g__Awaited|25_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Rethrow(ResourceExecutedContextSealed context)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.InvokeFilterPipelineAsync()
--- End of stack trace from previous location ---
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeAsync>g__Logged|17_1(ResourceInvoker invoker)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeAsync>g__Logged|17_1(ResourceInvoker invoker)
   at Microsoft.AspNetCore.Routing.EndpointMiddleware.<Invoke>g__AwaitRequestTask|6_0(Endpoint endpoint, Task requestTask, ILogger logger)
   at Microsoft.AspNetCore.Session.SessionMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Session.SessionMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Authorization.Policy.AuthorizationMiddlewareResultHandler.HandleAsync(RequestDelegate next, HttpContext context, AuthorizationPolicy policy, PolicyAuthorizationResult authorizeResult)
   at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
   at Mediachase.Commerce.Anonymous.Internal.AnonymousIdMiddleware.Invoke(HttpContext httpContext)
   at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)
#322546
May 23, 2024 6:33
Eric Herlitz
Eric Herlitz
Vote:
 

Have you added the Administrators virtual role to your mapped roles in appsettings.json?

E.g.

{
  "EPiServer": {
    "CMS": {
      "MappedRoles": {
        "Items": {
          "Administrators": { "MappedRoles": [ "WebAdmins" ] },
          "CmsEditors": { "MappedRoles": [ "WebEditors" ] },
          "CmsAdmins": { "MappedRoles": [ "WebAdmins" ] },
        },
#322549
May 23, 2024 9:56
Patrick Stysiak
Patrick Stysiak
Vote:
 

I'm still seeing the same error after adding the Mapped Roles.

#322596
May 24, 2024 1:14
Ronil Rangaiya
Ronil Rangaiya
Vote:
 

Hi Patrick

Do you have any custom plug-ins or modules in the solution and have these been upgraded to CMS 12 compatible version?

It is possible that one of the custom modules doesn't have the correct authorization policy applied. You can check each module's module.config (in the zip file) is using one of the known CmsPolicyNames

#322599
Edited, May 24, 2024 8:01
Patrick Stysiak
Patrick Stysiak
Vote:
 

I have Geta Tags (2.0.7) and Geta NotFoundHandler (5.0.8) which are both updated for CMS 12.

#322600
May 24, 2024 8:37
Ronil Rangaiya
Ronil Rangaiya
Vote:
 

Check if there are any custom menu providers, with authorisation policy applied

Also, try the following mapped roles in appsettings:

  "EPiServer": {
    "CMS": {
      "MappedRoles": {
        "Items": {
          "CmsEditors": { "MappedRoles": [ "WebEditors" ] },
          "CmsAdmins": { "MappedRoles": [ "WebAdmins" , "Administrators"] },
        }
#322603
May 24, 2024 13:29
Eric Herlitz
Eric Herlitz
Vote:
 

On secound thought your solution may require a virtual role called "Administrators", in that case

  "EPiServer": {
    "CMS": {
      "MappedRoles": {
        "Items": {
          "CmsEditors": { "MappedRoles": [ "WebEditors" ] },
          "CmsAdmins": { "MappedRoles": [ "WebAdmins" , "Administrator"] },
          "Administrators": { "MappedRoles": [ "WebAdmins" , "Administrator", "Other_claims_you_might_want"] } // this virtual role
        }
#322605
May 24, 2024 14:57
Ronil Rangaiya - May 24, 2024 22:27
Hi Eric,
Is adding "Administrators" as a MappedRole required? I understand it just needs to be mapped to CmsAdmins as per my above comment.

According to documentation, the predefined "Administrators" is not one of the MappedRole types.

https://docs.developers.optimizely.com/content-management-system/docs/virtual-roles
Eric Herlitz - May 27, 2024 7:52
@Ronil Someone may have added "Administrators" as a virtual role as well to the CMS DB.
Patrick Stysiak
Patrick Stysiak
Vote:
 

There was a custom menu provider which was looking for Administrators role, i've swapped this to use CMSAdmins.

Menus are now loading, with the exception of /Episerver/CMS. Screen is blank when trying to load it and there are no console errors or .net exceptions thrown.

#322722
May 27, 2024 8:46
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.