
Cannot enter /episerver and /episerver/cms after login -- access denied


Hi

I'm logging in via OpenID; after login I am redirected to the access denied page - it seems that Epi does not recognize me as a WebAdmin.

I have (what looks like) a proper cookie in the browser after logging in.

I'm redirected to either:
/Account/AccessDenied?ReturnUrl=%2Fepiserver

or /Account/AccessDenied?ReturnUrl=%2Fepiserver%2Fcms

I am using this tutorial to no avail: https:// (I cannot enter hyperlinks because reasons) docs.developers.optimizely.com/content-cloud/v12.0.0-content-cloud/docs/integrate-azure-ad-using-openid-connect

I've even tried to force-add a claim to the user:

    // Cookie authentication handler registered alongside the OpenID Connect handler
    .AddCookie("azure-cookie", options =>
    {
        // Attempt: add the CMS role claims once the cookie sign-in has completed
        options.Events.OnSignedIn = async ctx =>
        {
            if (ctx.Principal?.Identity is ClaimsIdentity claimsIdentity)
            {
                claimsIdentity.AddClaim(new Claim(ClaimTypes.Role, "WebAdmins", ClaimValueTypes.String, "Handmade"));
                claimsIdentity.AddClaim(new Claim(ClaimTypes.Role, "WebEditors", ClaimValueTypes.String, "Handmade"));

                // Persist the user and its roles to the CMS user/role store
                var synchronizingUserService = ctx
                    .HttpContext
                    .RequestServices
                    .GetRequiredService<ISynchronizingUserService>();

                await synchronizingUserService.SynchronizeAsync(claimsIdentity).ConfigureAwait(false);
            }
        };
    })

appsettings.json:

  "EPiServer": {
    "Find": {
...
    },
    "Cms": {
...
    },
    "Licensing": {
...
    },
    "MappedRoles": {
      "Items": {
        "CmsAdmins": {
          "MappedRoles": [ "WebAdmins", "Administrators" ],
          "ShouldMatchAll": "false"
        },
        "CmsEditors": {
          "MappedRoles": [ "WebEditors" ],
          "ShouldMatchAll": "false"
        },
        "CommerceAdmins": {
          "MappedRoles": [ "WebAdmins", "Administrators" ],
          "ShouldMatchAll": "false"
        },
        "FindAdmins": {
          "MappedRoles": [ "WebAdmins", "Administrators" ],
          "ShouldMatchAll": "false"
        },
        "SearchAdmins": {
          "MappedRoles": [ "WebAdmins", "Administrators" ],
          "ShouldMatchAll": "false"
        }
      }
    }
  }

I'm pretty sure I am missing something but can't find what.

#292900
Edited, Dec 09, 2022 8:56

For future generations:
If you want to add a custom claim, you have to do it inside:

options.Events.OnTokenValidated:

    // Capture the handler already registered on the OpenID Connect options (e.g. the one
    // from the Optimizely tutorial that synchronizes the user) so it still runs first
    var previousOnTokenValidatedHandler = options.Events.OnTokenValidated;
    options.Events.OnTokenValidated = async context =>
    {
        await previousOnTokenValidatedHandler(context).ConfigureAwait(false);
        // This principal is the one handed to the cookie handler afterwards,
        // so claims added here end up in the authentication cookie
        if (context.Principal?.Identity is ClaimsIdentity claimsIdentity)
        {
            claimsIdentity.AddClaim(new Claim(ClaimTypes.Role, "WebAdmins", ClaimValueTypes.String, "Handmade"));
            claimsIdentity.AddClaim(new Claim(ClaimTypes.Role, "WebEditors", ClaimValueTypes.String, "Handmade"));
        }
    };
#293208
Dec 15, 2022 13:48
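An added example (not code from the posts above or from Optimizely's documentation) that builds on the OnTokenValidated approach: instead of granting WebAdmins and WebEditors to every user the identity provider authenticates, it maps specific Azure AD group ids to CMS roles. The CmsRoleClaimMapping class and the group ids are constructed placeholders; the other types are the same ASP.NET Core and EPiServer.Security APIs used in the thread.

```csharp
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using EPiServer.Security;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Extensions.DependencyInjection;

// Hypothetical helper: only members of known IdP groups receive CMS roles.
public static class CmsRoleClaimMapping
{
    // Constructed placeholder group object ids; replace with your own Azure AD groups.
    private static readonly Dictionary<string, string[]> GroupToRoles = new()
    {
        ["00000000-0000-0000-0000-000000000001"] = new[] { "WebAdmins", "WebEditors" },
        ["00000000-0000-0000-0000-000000000002"] = new[] { "WebEditors" },
    };

    public static void AddRoleClaims(ClaimsIdentity identity)
    {
        // Azure AD emits group membership as repeated "groups" claims (object ids).
        // Note: above the group overage limit the token carries no "groups" claims at all,
        // in which case no role is granted here, which is the safe default.
        var roles = identity.FindAll("groups")
            .Select(c => c.Value)
            .Where(GroupToRoles.ContainsKey)
            .SelectMany(g => GroupToRoles[g])
            .Distinct();

        foreach (var role in roles)
        {
            if (!identity.HasClaim(ClaimTypes.Role, role))
                identity.AddClaim(new Claim(ClaimTypes.Role, role, ClaimValueTypes.String, "GroupMapping"));
        }
    }

    // Call from AddOpenIdConnect(...): options => { ...; CmsRoleClaimMapping.Configure(options); }
    public static void Configure(OpenIdConnectOptions options)
    {
        var previous = options.Events.OnTokenValidated;
        options.Events.OnTokenValidated = async context =>
        {
            await previous(context).ConfigureAwait(false);
            if (context.Principal?.Identity is ClaimsIdentity identity)
            {
                AddRoleClaims(identity);
                // Re-synchronize so the mapped roles reach the CMS role store.
                var sync = context.HttpContext.RequestServices.GetRequiredService<ISynchronizingUserService>();
                await sync.SynchronizeAsync(identity).ConfigureAwait(false);
            }
        };
    }
}
```

The cookie handler's OnSignedIn event fires after the authentication ticket has already been written, which is why claims added there never reach the cookie; OnTokenValidated runs before the principal is passed to the cookie handler. The MappedRoles section in appsettings.json then resolves these role claims to CmsAdmins and CmsEditors as configured in the question.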