Vulnerability in EPiServer.Forms
I am trying to connect a clean new Episerver11-solution to our companys Active Directory to use for logins and role management. The connection seems to be made, but im not able to login with any account, and its hard to troubleshoot since no errors are thrown and no logs are made. Any ideas as to what I'm doing wrong?
I've followed the setup guide for the AD-provider, the account im using to connect is working in a LDAP-browser, and the login im using is correct.
If I try with a faulty username/password for the AD-connection I get a warning saying "wrong username or password", so some sort of connection to the AD is made.
If no error message is displayed when you try to log in to edit/admin mode, have a look at <location path="EPiServer"> section inside web.config and check which users/roles are allowed to access Epi inside authorization section.
That was it, its working nice now, thank you!
Sort of related to https://world.episerver.com/Modules/Forum/Pages/Thread.aspx?id=198319. I would recommend setting virtual roles in the location(s) configuration and then just map your AD roles to the virtual roles instead.