You are not authorized to 'View a page' ('Pages')
After upgrading from 4.0 sp1 to 4.1 I'm getting the above error.
My site is setup as follows:
root\
root\members
root\members\module1
root\members\module1\page2
root\members\module2
root\members\module2\page2
Inside of SiteFinity, I have "Allow" page permissions for "Authenticated" Role to the \root\members and below folder so that I can redirect the users to a login page. I have "Deny" page permissions for "Anonymous" Role.
Firebug is showing this as an error code of 500 "Internal Server Error". Prior to upgrade, I was getting a 403 error and in my web.config I was sending this error code to my login page.
<authentication mode="Forms">
<forms loginUrl="~/login" defaultUrl="~/Members/" timeout="60" />
</authentication>
<customErrors mode="RemoteOnly">
<error statusCode="403" redirect="~/login" />
</customErrors>
The exception details on the page are as follows:
[UnauthorizedAccessException: You are not authorized to 'View a page' ('Pages').]
DynamicModule.ns.Wrapped_OpenAccessPageProvider_c8cea08814a147c9811230eacc92881d.GetPageNode(Guid id) +253
Telerik.Sitefinity.Modules.Pages.PageManager.GetPageNode(Guid id) +46
Telerik.Sitefinity.Web.SiteMapBase.GetFirstPageDataNode(PageSiteNode node) +144
Telerik.Sitefinity.Web.PageRouteHandler.GetHttpHandler(RequestContext requestContext) +128
System.Web.Routing.UrlRoutingModule.PostResolveRequestCache(HttpContextBase context) +8890312
System.Web.Routing.UrlRoutingModule.OnApplicationPostResolveRequestCache(Object sender, EventArgs e) +86
System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +148
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +75
I am getting the same error:
<authentication mode="Forms"> <forms loginUrl="~/Activities/ittest/test3"/> </authentication>Hello Abraham,
Can you switch back loginUrl to its default value? The <forms> setting never works - you always get redirected to ~/Login, regardless to what is the specified loginUrl. There is a config section Sitefinity >> Administration >> Settings >> Advanced >> Security >> Permissions >> Backend you can change the url in LoginUrl and AjaxLoginUrl boxes. That should allow you to change the backend login.
All the best,
Ivan Dimitrov
the Telerik team
Ivan,
Unfortunately, making this change to the settings in the database and restarting IIS I'm still get the same errors.
I created a sandbox SiteFinity website starting with a fresh 4.1 installation and I am able to reproduce the same error.
My website is running locally inside of IIS on a Windows 7 32 bit machine.
What else can I look at to resolve this problem?
Thanks,
Chris
Hi ,
"I created a sandbox SiteFinity website starting with a fresh 4.1 installation and I am able to reproduce the same error."
The sandbox websites are not upgraded to the latest version - Q1 release. Can you give me the steps you follow to replicate this issue on a new installation as you wrote.
Greetings,
Ivan Dimitrov
the Telerik team
Hi Ivan,
By "sandbox", what I meant was a completely new setup on my local development machine where I went through the SiteFinity ProjectManager to create a completely new website and database. I think I may have confused the term "sandbox" because I realize that Telerik will also setup a website where you refer to this as a "sandbox" as well.
1. What I did was in the c:\program files\telerik\Sitefinity 4.1 folder I clicked on the SiteFinity.exe project manager executable.
2. I created a new project that I named "Test". The sitefinity version is 4.1.1339.0
3. I then setup the same folder structure and permissions as I indicated below:
root\
root\members
root\members\module1
root\members\module1\page2
root\members\module2
root\members\module2\page2
Inside of SiteFinity, I have "Allow" page permissions for
"Authenticated" Role to the \root\members and below folder so that I can
redirect the users to a login page. I have "Deny" page permissions
for "Anonymous" Role.
Hope that helps.
Thanks,
Chris
Hi,
A user should see this error only if she / he tries to access the restricted page directly. The restricted user should not see any page on the navigation that she / he doesn’t have permissions for.
All the best,
Ivan Dimitrov
the Telerik team
Ivan,
As you can see from the thread, I stated that prior to my upgrade to 4.1 (was previously running 4.0 SP1) my user was getting a 403 redirection error and was being sent to my login page. Now I get this big nasty error showing up.
How am I supposed to work around this issue?
I have setup logic in my base master page on the load event, but when a hyperlink is clicked, there is no post-back to where my Master Page load event is fired. The error happens before the master page gets the postback.
I don't want to have to change every hyperlink to be a LinkButton as this seems unnecessary.
Maybe I could change the logic to render the hyperlink for the page to be something like "~\login?returnUrl="\members\module" or something to that effect?
What are your suggestions if I want to prevent a user from accessing a page until they have been authenticated?
I've asked this many times now in many different ways. Up until 4.1, the way I had it implemented was working.
Thanks,
Chris
Hello,
This is a bug in the product. I have logged it for fixing. The 403 status is not returned. I hope that we will be able to provide a fix in our internal builds before the official release of Q2.
Best wishes,
Ivan Dimitrov
the Telerik team
Has there been an internal release that fixes this? Can you think of any work arounds? This is really a problem because normally you would want to use links that point directly at a page and have the user automatically redirected to the login page.
Second that, we need a solution.
Redirecting to a login page when user does not have access seems like standard, out of box, basic functionality.
I've hacked into the membership provider authenticate method to redirect to login when a user is not logged in and requesting a page under my ~/Client/* section of the site. This is filthy hacky code and do not want to have to keep it there when we go to production.
cheers
Hello,
The issue should be fixed in the latest build that we have. You should get 403 status code.
Greetings,
Ivan Dimitrov
the Telerik team
The suggestion from Boyan at http://www.sitefinity.com/devnet/forums/sitefinity-4-x/developing-with-sitefinity/log-in-page-redirection-for-user-without-permissions.aspx was the only thing that worked for me. To summarize his fix, you add code to global.asax to handle unauthorized exceptions and redirect them.