User Login Error - You are not authorized to 'View a page' ('Pages').
I am just starting to create the permissions for a set of 80 roles created using AD roles. When testing with a couple of users they are getting the error below when trying to log into the backend. I have made them backend users in their profile.
Attached is a screen shot of their permissions. There seem to be some new ones in 4.1 and I am not sure if additional values need to be checked. I cannot find descriptions for what these are or even what has to be enabled to allow basic access. I am curious if "Access publishing system backend pages" has to be checked for them to get to the dashboard of the back end.
I really only want these users to be able to edit their content and upload docs and images to their specified album/library. I don't want them reordering pages or adding properties to pages.
I have given full modify permissions to Network Service for the App_Data folder but I am getting the following error when they try to log in.
I can log in fine but I don't have rights to Access publishing system backend pages".
Any ideas?
Anthony
You are not authorized to 'View a page' ('Pages').
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.UnauthorizedAccessException: You are not authorized to 'View a page' ('Pages').
ASP.NET is not authorized to access the requested resource. Consider granting access rights to the resource to the ASP.NET request identity. ASP.NET has a base process identity (typically MACHINE\ASPNET on IIS 5 or Network Service on IIS 6 and IIS 7, and the configured application pool identity on IIS 7.5) that is used if the application is not impersonating. If the application is impersonating via <identity impersonate="true"/>, the identity will be the anonymous user (typically IUSR_MACHINENAME) or the authenticated request user.
To grant ASP.NET access to a file, right-click the file in Explorer, choose "Properties" and select the Security tab. Click "Add" to add the appropriate user or group. Highlight the ASP.NET account, and check the boxes for the desired access.
Source Error:
|
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below. |
Stack Trace:
|
[UnauthorizedAccessException: You are not authorized to 'View a page' ('Pages').] DynamicModule.ns.Wrapped_OpenAccessPageProvider_19f48168859f41d5a00c78e661dcb103.GetPageNode(Guid id) +253 Telerik.Sitefinity.Modules.Pages.PageManager.GetPageNode(Guid id) +46 Telerik.Sitefinity.Web.SiteMapBase.GetFirstPageDataNode(PageSiteNode node) +144 Telerik.Sitefinity.Web.PageRouteHandler.GetHttpHandler(RequestContext requestContext) +128 System.Web.Routing.UrlRoutingModule.PostResolveRequestCache(HttpContextBase context) +8890312 System.Web.Routing.UrlRoutingModule.OnApplicationPostResolveRequestCache(Object sender, EventArgs e) +86 System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +148 System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +75 |
Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.1
Okay I have now gone into the BackendPages permissions and given all Backend Users permissions to see all of the pages. Now they can log in and see the dashboard. In looking at these pages separately, it looks like they do not have inheritance.
Do I have to go and add each of my 80 roles to view Pages, Documents and Files, Images, Events and so forth throughout the backend for them to be able and edit their content pages using the backend??
Anthony
Hi Anthony,
Thank you for using our services.
Can you please clarify which version of Sitefinity 4 are you using. We have had similar problem with users coming from ActiveDirectory and Sitefinity 4.0 and 4.0 SP1. The problem was that for the roles of your AD users you would have to go to the backend pages and additionally specify view permission for the modules' respective backend pages.
We have fixed this behavior in Sitefinity 4.1 and now once you specify CRUD permissions for roles coming from ActiveDirectory you only need to give assign the respective AD users to the Backend Users role.
Greetings,
Radoslav Georgiev
the Telerik team
Edit: I went from 4.0 to 4.1.
That is essentially what I have done. I have given all users backend rights. I then went into the backend pages and gave Backend Users View permissions to Pages and Content. Then went into the frontend pages, broke inheritance, and changed the Edit permissions for each page group to be that of specific departments.
The problem I now run into is that individuals can go to their their pages (pages they are not allowed to edit are greyed out, perfect) they can open the page in the backend and open the Content Block to edit the content, however none of my users are able to Publish, Send for Approval or anything other than save as a draft. Even after going in and giving my publisher roles modify rights to the pages on the front end they cannot make the changes.
Do I need to give all backend users modify rights to Pages in the Backend as well?
Is there any way to allow a users to publish, approve a page without allowing them to reorder the sitemap? I am kinda scared with so many users they will accidentally drag and drop a page group and break my navigation.
Than you for your reply.
Anthony
Hello Anthony,
We have fixed this behavior in Sitefinity 4.1 SP1. Now what you need to do is to provide rights for users to edit the modules and assign them to the Backend Users group. Then you do not need to go to Backend Pages and give view permissions to the users from the AD provider as those will be applied automatically.
Kind regards,
Radoslav Georgiev
the Telerik team
thanks. I had pretty much got that far. My newest problem was that my LDAP users received a message saying they did not have rights to modify a page when they were sending a page for approval or for publishing.
I had not given users modify rights because I did not want them to be able to change page titles, page hierarchy or URLs and mess up my custom navigation. Even after giving them full rights they were not able to do send for approval or publishing.
1) Do users have to have modify permissions to be able to change page title and properties?
2) does SP1 fix LDAP users getting the error message about lack of permissions to modify pages?
Thank you.
anthony
Hello Anthony,
Here is how currently the page permissions work:
1) Create widgets and layout elements - allows users to add layouts and widgets.
2) Edit page content permission - allows users to modify page content - edit controls and layouts (does not include publish).
3) Create page - allows users to create pages.
4) Modify page - allows users to modify page page properties and publish pages, revert to a previous version of a page.
5) Delete page - allows users to delete pages.
The others are pretty much self explanatory. There is a in issue with page permissions logged for fixing. We have also reviewed the naming of page permissions and are going to change them in order to be more descriptive.
Greetings,
Radoslav Georgiev
the Telerik team