No policy found: Administrators

Vote:
 

We are in the process of migrating a CMS 11 / Commerce website over to CMS 12 and Commerce 14. After logging into the CMS user interface we get a 500 error from this request:

/EPiServer/Shell/epiplatformnavigation?product=global_cms&parentProduct=

No menus load in the cms as a result. Error stacktrace is as follows:

System.InvalidOperationException: No policy found: Administrators.
   at Microsoft.AspNetCore.Authorization.DefaultAuthorizationService.AuthorizeAsync(ClaimsPrincipal user, Object resource, String policyName)
   at EPiServer.Shell.Web.Internal.NavigationService.IsAvailableAsync(MenuNode node)
   at EPiServer.Shell.Web.Internal.NavigationService.GetProductMenuItemsAsync(String productId)+MoveNext()
   at EPiServer.Shell.Web.Internal.NavigationService.GetProductMenuItemsAsync(String productId)+System.Threading.Tasks.Sources.IValueTaskSource<System.Boolean>.GetResult()
   at System.Linq.AsyncEnumerable.<ToListAsync>g__Core|424_0[TSource](IAsyncEnumerable`1 source, CancellationToken cancellationToken) in /_/Ix.NET/Source/System.Linq.Async/System/Linq/Operators/ToList.cs:line 36
   at System.Linq.AsyncEnumerable.<ToListAsync>g__Core|424_0[TSource](IAsyncEnumerable`1 source, CancellationToken cancellationToken) in /_/Ix.NET/Source/System.Linq.Async/System/Linq/Operators/ToList.cs:line 36
   at EPiServer.Shell.UI.Controllers.Internal.EPiPlatformNavigationController.Get(String product, String parentProduct)
   at lambda_method1120(Closure , Object )
   at Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor.TaskOfActionResultExecutor.Execute(IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeActionMethodAsync>g__Logged|12_1(ControllerActionInvoker invoker)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeNextActionFilterAsync>g__Awaited|10_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Rethrow(ActionExecutedContextSealed context)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.InvokeInnerFilterAsync()
--- End of stack trace from previous location ---
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeNextResourceFilter>g__Awaited|25_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Rethrow(ResourceExecutedContextSealed context)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.InvokeFilterPipelineAsync()
--- End of stack trace from previous location ---
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeAsync>g__Logged|17_1(ResourceInvoker invoker)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeAsync>g__Logged|17_1(ResourceInvoker invoker)
   at Microsoft.AspNetCore.Routing.EndpointMiddleware.<Invoke>g__AwaitRequestTask|6_0(Endpoint endpoint, Task requestTask, ILogger logger)
   at Microsoft.AspNetCore.Session.SessionMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Session.SessionMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Authorization.Policy.AuthorizationMiddlewareResultHandler.HandleAsync(RequestDelegate next, HttpContext context, AuthorizationPolicy policy, PolicyAuthorizationResult authorizeResult)
   at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
   at Mediachase.Commerce.Anonymous.Internal.AnonymousIdMiddleware.Invoke(HttpContext httpContext)
   at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)
#322546
May 23, 2024 6:33
Vote:
 

Have you added the Administrators virtual role to your mapped roles in appsettings.json?

E.g.

{
  "EPiServer": {
    "CMS": {
      "MappedRoles": {
        "Items": {
          "Administrators": { "MappedRoles": [ "WebAdmins" ] },
          "CmsEditors": { "MappedRoles": [ "WebEditors" ] },
          "CmsAdmins": { "MappedRoles": [ "WebAdmins" ] },
        },
#322549
May 23, 2024 9:56
Vote:
 

I'm still seeing the same error after adding the Mapped Roles.

#322596
May 24, 2024 1:14
Vote:
 

Hi Patrick

Do you have any custom plug-ins or modules in the solution and have these been upgraded to CMS 12 compatible version?

It is possible that one of the custom modules doesn't have the correct authorization policy applied. You can check each module's module.config (in the zip file) is using one of the known CmsPolicyNames

#322599
Edited, May 24, 2024 8:01
Vote:
 

I have Geta Tags (2.0.7) and Geta NotFoundHandler (5.0.8) which are both updated for CMS 12.

#322600
May 24, 2024 8:37
Vote:
 

Check if there are any custom menu providers, with authorisation policy applied

Also, try the following mapped roles in appsettings:

  "EPiServer": {
    "CMS": {
      "MappedRoles": {
        "Items": {
          "CmsEditors": { "MappedRoles": [ "WebEditors" ] },
          "CmsAdmins": { "MappedRoles": [ "WebAdmins" , "Administrators"] },
        }
#322603
May 24, 2024 13:29
Vote:
 

On secound thought your solution may require a virtual role called "Administrators", in that case

  "EPiServer": {
    "CMS": {
      "MappedRoles": {
        "Items": {
          "CmsEditors": { "MappedRoles": [ "WebEditors" ] },
          "CmsAdmins": { "MappedRoles": [ "WebAdmins" , "Administrator"] },
          "Administrators": { "MappedRoles": [ "WebAdmins" , "Administrator", "Other_claims_you_might_want"] } // this virtual role
        }
#322605
May 24, 2024 14:57
Ronil Rangaiya - May 24, 2024 22:27
Hi Eric,
Is adding "Administrators" as a MappedRole required? I understand it just needs to be mapped to CmsAdmins as per my above comment.

According to documentation, the predefined "Administrators" is not one of the MappedRole types.

https://docs.developers.optimizely.com/content-management-system/docs/virtual-roles
Eric Herlitz - May 27, 2024 7:52
@Ronil Someone may have added "Administrators" as a virtual role as well to the CMS DB.
Vote:
 

There was a custom menu provider which was looking for Administrators role, i've swapped this to use CMSAdmins.

Menus are now loading, with the exception of /Episerver/CMS. Screen is blank when trying to load it and there are no console errors or .net exceptions thrown.

#322722
May 27, 2024 8:46
This topic was created over six months ago and has been resolved. If you have a similar question, please create a new topic and refer to this one.
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.