Vulnerability in EPiServer.Forms
in my episerver 7 project the Addon store is gone. when i go to /Episerver/CMS/AddOns the page is blank, and there is no errors in my log file or in event viewer. i know this is not much to go on but i have no idea where the problem could be so i dont know what settings to report here. if anyone have an idea where is should look please report then i can start there.
Can you see "Add-ons" item in the global navigation menu?
I think it has something to do with access rights. Make sure that your user belongs to one of the roles that is part of the virtual role PackagingAdmins. You will find it in our EPiServerFramework.config file.
Do you have those DLL in your site modulesbin folder:
it was access rights that was the problem, i will try to give my user the right role
hm, when i login i can see the admin view which as far as i can see means that i have the role webadmin or administrator (see http://webhelp.episerver.com/CMS/7.1/EN/Default.htm#Authorization/Admin_IN_WorkingWithAuthorization.htm)
in my episerverframework i have this line
<add roles="WebAdmins, Administrators" mode="Any" name="PackagingAdmins" type="EPiServer.Security.MappedRole, EPiServer.Framework" />
so now as far as i can see it is the same rights i need to see addon store as admin view.
i assume the problem is the claims membership provider i use, but how come i can se the admin view and not the addon store?
when i try to login as administrator using EPiServerLogin i can see the addon store, but i need to be able to use my claims membership provider
I also have this same issue however I'm logging in with admin who is part of Administrators/WebAdmins, modulesbin contains the correct DLL's and episerverframework.config contains
So really not sure what else I can check? Are there any settings stored in the DB? Any files I can check for that could be missing?
Thanks in advance
I've stumbled across this issue too - I'm logging in with a windows membership who is part of "Administrators/WebAdmins", the DLL's all exist and episerverframework.config contains:
<add name="PackagingAdmins" type="EPiServer.Security.MappedRole, EPiServer.Framework" roles="WebAdmins, Administrators" mode="Any" />
It works when I log in on my dev environment using my windows membership, but our testing environment isn't showing up.Any progress/hints with this?Thanks,Dean
Are you loggin in with Administrator or user that belongs to Administrators group on target environment?
Thanks for the reply, logged in with an Administrator using a Windows Membership, the users are all part of the Administrators Group, which has a WindowsRoleProvider.The users are created using WindowsMembershipProvider - made as admins on the machine host.
Only using a Windows Role Provider and Windows Membership Provider - we have no need for SQL or any others.From Web.config:
<roleManager enabled="true" defaultProvider="WindowsRoleProvider"> <providers> <clear /> <add name="WindowsRoleProvider" applicationName="EPiServerSample" type="EPiServer.Security.WindowsRoleProvider, EPiServer" /> </providers> </roleManager> <membership defaultProvider="WindowsMembershipProvider" hashAlgorithmType="HMACSHA512" userIsOnlineTimeWindow="10"> <providers> <clear /> <add name="WindowsMembershipProvider" type="EPiServer.Security.WindowsMembershipProvider, EPiServer" deletePrefix="BUILTIN\" /> </providers> </membership>
Thanks again, really appreciate it - the store is visible on both our production and developer systems, it's just the test environment we can't see it.
Note, since this answer ranks quite high in Google for this particular problem, I'm adding another answer that is worth checking out.
When you upgrade to the new packaging system in EPiServer.Packaging (3.2.0 or newer), make sure you also have EPiServer.Packaging.UI installed as a nuget package.
For some reason I've yet to understand, a site that I upgraded lost this package during upgrade (or it never had it in the first place). I was able to run the Move-EPiServerProtectedModule command though.
Running: "install-package EPiServer.Packaging.UI" brought back the Add-on menu.