Access Permission issue on Page/documents

Hello,
We have developed an application using Sitefinity 4.1. We have permission based access for Pages and uploaded documents like pdf, doc,etc. We have assigned role to the pages and documents. If user requests for the the particular page or document and he/she is having that Role permission then only could access the same. We have created one customised page if user has not permission then it redirects to our page for further process.

But we are facing one unexpected issue in our site. If user is having any Role set and requests for the page which is also having same Role then also it redirects to our unauthorized page which should not happen.  
We are using the User, Roles and Permission functionality provided by Sitefinity only.

I would also like to mention you that this issue occurs randomly, not for all the cases. Could you please let us know what is wrong there? What else settings require for this?

Waiting for your response as it becomes blocker for our live application.

Thanks
Jesse

Hi Jesse,

Could you please explain this sentence - "If user is having any Role set" - does this mean that the user has some other Role and not the one that allows the access? You mention that you use SF 4.1 - the current version is 4.2 and in the beginning of next week we will release 4.2 SP1. There are many issues related to the security fixed in the latest version so I strongly advise you to upgrade.

Hello Lubomir,

I meant to say that we have Role based access on pages and documents. Our scenario is that we have set the Roles for pages and documents. So if user is assigned with same Role then only he/she can access that Page or document. If he is not having that Role then we redirect the user to our customised Page.
But here we are facing issue that User with same Role could not able to access the page/document and is refirected to our unautharised page which should not be happen.

This happens not for all the time however in some cases. We are using the User, Roles and Permission functionality provided by Sitefinity.

And also as you mentioned in your reply that we would have to upgrade to 4.2 SP2. Is this a cause for this security related issue.

Please let us know the solution on this so that we resolve this weired issue.

Awaiting for your reply.

Thanks
Jesse

Hello Jesse,

This is really a strange issue. Could you provide us with more details where and how do you set your permissions and roles for the pages and documents? Ideally it would be best if you gave us access to your Backend with credentials so we could inspect what exactly is going on. Seeing this is a forum post I would recommend to do that in a support ticket.

Hi Lubomir,

Thank you for support.

After some try I have found something strange thing.  I found there is something problem and difference when we use the document access link with ?Status=Master and without it in query string. Following is scenario which I recently faced.

1) Try to access below url
https://www.casas.org/docs/topspro-updates/topspro-enterprise-installation-guidev1-0.pdf?Status=Master without login: It will redirect you to the login page. Once we do login it redirects to the no access page.   When it redirects it doesn't contain the ?Status=Master query string.

2) Now after successful login try to access url https://www.casas.org/docs/topspro-updates/topspro-enterprise-installation-guide-v1-0.pdf?Status=Master and you will be able to see the pdf document.

3) Now after successful login try to access url (without ?Status=Master) https://www.casas.org/docs/topspro-updates/topspro-enterprise-installation-guide-v1-0.pdf   it will redirect to the access request page.

In summary I have noticed without the query string ?Status=Master it is creating problem.

To check you can use below credentials. 
User Name: janak.drji@gmail.com
Password: janak123

If you still need admin user then I will create one for you to access backend.

Regards,
Jesse

Hello Jesse,

How do you open this URL:

www.casas.org/.../topspro-enterprise-installation-guide-v1-0.pdf

I copy the link and paste it directly in the browser address bar. Then when I login a get redirected properly to the PDF document.

Hi Lubomir Velkov,

The problem happens very randomly. Some time it properly loads the pdf and other files but some time it redirect to the "Not authorize page" which we configure in web.config when there is no access on page. I did check  Event Viewer or windows and found following frequent errors.

1)  Exception message: You are not allowed to view this library item
2)  Exception message: The remote host closed the connection. The error code is 0x800704CD.

I don't know why these errors generated even though the user have proper access on documents.

Best Regards,

Janak Darji

Hi Jesse,

Error code 0x800704CD generally means that the user started to download a file, and then it either failed, or they cancelled it. Some thoughts on how to reproduce the error, since if it happens randomly I cannot establish a specific problem. Check if during the loading of the PDF file you are logged to the Backend - as Administrator or some other role. This might be important.