Take the community feedback survey now.

AI OnAI Off

401 error when creating users /EPiServer/EPiServer.Cms.UI.Admin/users/Create

Mark Rullo
Mark Rullo
Vote:
 

Hello,

I'm in the process of setting up the identity providers for our v12 upgrade (big shout out to Brad McDavid for his library). I think most things are configured properly, except when I'm testing the create user, I get a 401 error.

It's using this endpoint:
/EPiServer/EPiServer.Cms.UI.Admin/users/Create

When I update a user using /EPiServer/EPiServer.Cms.UI.Admin/users/Update all is good.  Roles are added just fine.

The user I'm using has claims that allow it into the admin area, so I think my mappings are correct.  Pasted below just in case:

			"MappedRoles": {
				"Items": {
					"CmsAdmins": {
						"MappedRoles": [
							"WebAdmins",
							"Administrators"
						],
						"ShouldMatchAll": "false"
					},
					"CmsEditors": {
						"MappedRoles": [
							"Administrators",
							"WebEditors"
							
						],
						"ShouldMatchAll": "false"
					},
					"SearchEditors": {
						"MappedRoles": [
							"Administrators",
							"WebAdmins"
						],
						"ShouldMatchAll": "false"
					},
					"SearchAdmins": {
						"MappedRoles": [
							"Administrators",
							"WebAdmins"
						],
						"ShouldMatchAll": "false"
					},
					"PackagingAdmins": {
						"MappedRoles": [
							"Administrators",
							"WebAdmins"
						],
						"ShouldMatchAll": "false"
					},
					"OPCEditors": {
						"MappedRoles": [
							"OPCEditors"
						],
						"ShouldMatchAll": "false"
					},
					"ProfilesSegmentViewers": {
						"MappedRoles": [
							"Administrators",
							"WebAdmins"
						],
						"ShouldMatchAll": "false"
					},
					"ProfilesReportViewers": {
						"MappedRoles": [
							"Administrators",
							"WebAdmins",
							"WebEditors"
						],
						"ShouldMatchAll": "false"
					}

				}

 

I'm putting a breakpoint in the userProvider and it's not getting into the method.  Not sure how to debug this one as the 401 is coming from within Episerver.

 

Cheers

#339544
Jun 26, 2025 15:02
Stefan Holm Olsen
Stefan Holm Olsen
Vote:
 

The Users API is asking your UserProvider implementation whether Create and Update is supported in each endpoint. If not supported you will get that 401 error, regardless of the admin user's roles or claims.

Which provider are you using?

#339551
Jun 28, 2025 13:59
Mark Rullo
Mark Rullo
Vote:
 

Stefan, thanks for the response.

I'm using a custom UIUserProvider and have implemented overrides for 

public override async Task<CreateUserResult> CreateUserAsync(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved)

and even the obsolete:

public override IUIUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, out UIUserCreateStatus status, out IEnumerable<string> errors)

I have breakpoints in these methods and they're not being called.

 

Do you know if there is another way that I need to show that this is enabled?

 

Cheers

#339583
Jul 02, 2025 16:56
Mark Rullo
Mark Rullo
Vote:
 

Finally found the way to show that the CreateUser methods are enabled.  I didn't realize there is an IsSupported method that can be overridden to set a value.  See below:

	public override bool IsSupported(string providerName, ProviderActions action)
	{
		// Support Create, Delete, and Update actions for this provider
		if ((action == ProviderActions.Create || action == ProviderActions.Delete || action == ProviderActions.Update) && providerName == nameof(ExtendedUserProvider))
		{
			return true;
		}
		return base.IsSupported(providerName, action);
	}
#339720
Jul 15, 2025 23:31
Stefan Holm Olsen - Jul 17, 2025 13:27
Thanks for posting the solution. 👍
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.