Vulnerability in EPiServer.Forms
We have a slight problem with the latest incarnation of Find. The UI does not appear. We're using the customers Active Directory for groups and users.
In the thread http://world.episerver.com/Modules/Forum/Pages/Thread.aspx?id=80344 they discusses solutions to the problem, but I can't seem to get it to work. Since we're relying on the AD we do not have the possibilty to add the groups therein. We've tried adding virtual roles for WebEditors and SearchAdmins but no luck at all.
Any pointers? Indexing/search works fine.
Could you post the error you get when trying to access the Find UI?
The problem is that I don't even get the link to it. And no errors in the log.
We had the same problem since our users was not in a AD group called WebAdmins. It can be solved by adding this line to your episerver.framework section
<add roles="WebAdmins, Administrators, CUSTOMADNAME" mode="Any" name="SearchAdmins" type="EPiServer.Security.MappedRole, EPiServer.Framework" />
Just change CUSTOMADNAME to the name of the group your users are in that are supposed to have access to Find
Sorry, I saw now that you already had tried that.
Since the Find link is missing, could you try opening the URL directly? Should return an error. For example: http://win-oomc81i4bmh:17006/episerver/Find/#overview
Tried what you suggested Richly, but I do not get access with my account which is an administrator.
Can you show us how your <episerver.framwork> section looks like here?
<scanAssembly forceBinFolderScan="true" />
<add name="Administrators" type="EPiServer.Security.WindowsAdministratorsRole, EPiServer.Framework" />
<add name="Everyone" type="EPiServer.Security.EveryoneRole, EPiServer.Framework" />
<add name="Authenticated" type="EPiServer.Security.AuthenticatedRole, EPiServer.Framework" />
<add name="Anonymous" type="EPiServer.Security.AnonymousRole, EPiServer.Framework" />
<add name="CmsAdmins" type="EPiServer.Security.MappedRole, EPiServer.Framework" roles="WebAdmins, Administrators,DOMAIN\EPi Webadmins" mode="Any" />
<add name="CmsEditors" type="EPiServer.Security.MappedRole, EPiServer.Framework" roles="WebEditors, WebAdmins, Administrators,DOMAIN\EPi Webredaktörer,DOMAIN\EPi Webadmins" mode="Any" />
<add name="Creator" type="EPiServer.Security.CreatorRole, EPiServer" />
<add name="PackagingAdmins" type="EPiServer.Security.MappedRole, EPiServer.Framework" roles="WebAdmins, Administrators, DOMAIN\EPi Webadmins" mode="Any" />
<add name="SearchAdmins" type="EPiServer.Security.MappedRole, EPiServer.Framework" roles="WebAdmins, Administrators,DOMAIN\EPi Webadmins" mode="Any" />
<add name="ProtectedModules" virtualPath="~/EPiServer/" physicalPath="Modules\_Protected" type="EPiServer.Web.Hosting.VirtualPathNonUnifiedProvider, EPiServer.Framework" />
<add name="maxmind" type="EPiServer.Personalization.Providers.MaxMind.GeolocationProvider, EPiServer.ApplicationModules" databaseFileName="[appDataPath]\Geolocation\GeoLiteCity.dat" />
<localization fallbackBehavior="Echo, MissingMessage, FallbackCulture" fallbackCulture="sv">
<add virtualPath="~/Resources/LanguageFiles" name="languageFiles" type="EPiServer.Framework.Localization.XmlResources.FileXmlLocalizationProvider, EPiServer.Framework" />
Try remove DOMAIN\ from the mappedRole, I don't think it is nessersay. We do not use it and it works in both test and live enviroment and those are in different AD Domains
Still the same problem even when removing "DOMAIN". For added info, the Add-ons button/link is not showing either despite being in the correct group for PackagingAdmins.
I would then try to see what happens if you add a gruop with a name without a space. I think space should work, but just to be shore, create a new group in you domain (if you are able) and add it to the config, name it without a space
Thanks, I think I will take this further with the EPiServer support. I did even create local groups (we use Windows Authentication) witout a space and that did not work either.
Do that, start with taking up a chat session with them, they are very good at what they do. I can not see any errors in the config, so it should work :-)Good luck and when you figure out what the error are, please update this thread with it so others can get help from it
Try changing from:
<virtualRoles addClaims="false" replacePrincipal="true">
That can be the thing Evest, we have it like this and that is working
Thank you Steve for your input. Works fine now. :)