Vulnerability in EPiServer.Forms
So! We have an EPiServer 6R2 site that is currently displaying the invalid license message due to the use of an expired demo license. Upon generating a new 6R2 demo license from license.episerver.com, it throws the following exception:
Server Error in '/' Application.________________________________________A error occured while loading the license file ['=' is an unexpected token. The expected token is ';'. Line 1, position 102.]Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: EPiServer.Licensing.LicenseException: A error occured while loading the license file ['=' is an unexpected token. The expected token is ';'. Line 1, position 102.]
Source Error: An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
[LicenseException: A error occured while loading the license file ['=' is an unexpected token. The expected token is ';'. Line 1, position 102.]]EPiServer.Licensing.LicenseData.Load(Stream stream, String licenseName, RSA key) +195EPiServer.Licensing.LicenseData.Load(String fileName, String licenseName, RSA key) +75
[LicenseException: A error occured while loading the license file.]EPiServer.Licensing.LicenseData.Load(String fileName, String licenseName, RSA key) +147EPiServer.Licensing.LicenseRuntime.InternalLoad(Assembly caller, String filename, String licenseName, String publicKeyResource) +285EPiServer.Licensing.LicenseRuntime.InternalLoad(String licenseFilePath, Assembly caller) +35EPiServer.Licensing.LicenseRuntime.LoadLicense(String absoluteLicenseFilePath, Assembly assembly) +96EPiServer.Licensing.LicenseRuntime.LoadLicense(String absoluteLicenseFilePath) +20EPiServer.Licensing.License..ctor(SiteElement siteElement) +148EPiServer.Licensing.SiteInformation..ctor(SiteElement siteElement) +540EPiServer.Licensing.License.get_CurrentLicenseUsage() +66EPiServer.UI.SystemPageBase.CreatePageTitle(String titlePrefix) +354EPiServer.UI.Edit.MasterPages.Frameworks.Framework.OnLoad(EventArgs e) +31System.Web.UI.Control.LoadRecursive() +59System.Web.UI.Control.LoadRecursive() +131System.Web.UI.Control.LoadRecursive() +131System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +678
We have also tried a 6R2 developer license and are faced with the same exception. This post talks about permissions that need to be granted to the license file. Does anyone know what these permissions are?
Thanks in advance for any help/inputs I can get.
The file permissions mentioned in that post is related to permissions on your disk. The appool user account that your site uses, must have Read access to the license file.
If it was pasted from another machine into the folder, it's possible that the Read permission was not inherited correctly, and must be set manually (right click the file > Properties > Security > (add your appool user with Read permission).
It's also possible the file has been blocked by Windows when it was downloaded/copied onto the machine. (The old "this file came from another computer" error, which may require you to Unblock it using Windows Explorer.)
Thanks for the response Arild
I had a feeling it would be that. Unfortunately that wouldn't work either.
Have you tried installing a plain demo site and using your license there to see if the license file is valid at all?
Does the same happen when you generate a partner developer license for the site instead of a demo license?
Which Episerver CMS 6 license type are you selecting from the dropdown list at license.episerver.com?(For partner developer license, there are "Episerver CMS 6" and "Episerver CMS 6 - 2012 model". Don't know if their formats are different.)
Well!! Issue is resolved.
It was to do with our email security scanning tools that intercepts the license emails and injects safe url’s in to the config file.
Thanks for the support guys.