I've set up a Content Manager role and assigned the role CRUD permissions in the 2sxc content module. Logging in as a user in the Content Manager role I see the edit icon, clicking on it I am able to edit the content (all as expected), however when I click on Save, I get a alert that pops up saying that Authorization has been denied for the request, despite having CRUD permissions...
Any thoughts on what I can change to have this message not popup and have the permissions actually work as expected?
(Can't get Draft CRUD only to work either... but that's a different issue)
I am using the 2sxc Content version 10.25.2
Related
I'm trying to limit the ability for user accounts to be created. My host has noticed spam activity on my account and has suggested that it is being generated by accessing the user account creation script directly.
When I try to access that feature in Drupal 7, the Setting tab doesn't render correctly. Fields and Display tabs function correctly.
Screen Snap
If your host is right about the script being accessed directly, then your site might be hacked.
Since you also have problems with rendering of the settings tab, I would execute these steps in this order:
Follow the instructions for updating Drupal, starting with backup of
the database and the files:
https://www.drupal.org/docs/7/updating-your-drupal-site/update-procedure-minor-version-change
Set secure permissions for files and folders: https://www.drupal.org/node/244924
The second step alone might help stopping the user creation by direct access to the script, but it will not get back the original settings tab.
In back-end go to Configuration -> People -> Account settings. There is a section Registration and cancellation and Who can register radio buttons group where you can forbid anonymous user create account. If that's already set well and people are still registering then it really is possible that your site has been hacked.
I have an asp.net mvc web application, and inside my Content folder I have items such as the site.css, the logo , ajax.png.
I thought that the asp.net mvc will prevent the users from accessing the Content folder item directly, and these items can only be viewed when called from an action method, or atleast from an authenticated users . Currently if a user (how did not login to the system) types the following
https://..../OurProject /Content/ajax.png
he will be able to see the image directly .i am not sure if this is a security problem, or it is normal to have such ability?. Baring in mind that I have used the [Authorized] annotation inside all the controller classes, but seems that the content folder items can be viewed by unauthenticated users?
can anyone advice ?
Thanks
I want to give a user role access to the content properties tab for my pages in Kentico CMS. I have managed to make the tab visible via Module properties however i still get the message stating that they do not have correct permission.
I cannot seem to see anywhere that will let me provide access to this area.
Have you setup the correct UI Personalization options for that role ?
http://devnet.kentico.com/Blogs/Petr-Vozak/January-2010/Kentico-CMS-5-0---UI-personalization.aspx
Is UI Personalization enabled ? Site Manager -> Settings -> Security & Membership -> Enable UI personalization
Have you made sure that user role has rights to CMSDesk itself ?
i am trying to enable roles in asp.net but,i am getting few errors and after trying my best i am not able to get them resolved.
I am new to visual studio interface. I tried creating a login page as ASP.NET web application. Then as we have to configure the page to connect to the database to retrieve user details, i clicked on the ASP.NET configuration under Website control.. I was taken to the configuration page with three tabs.. Security was the tab that i was supposed to configure.. But i am not able to go through to the security tab. I get the following error message.
There is a problem with your selected
data store. This can be caused by an
invalid server name or credentials, or
by insufficient permission. It can
also be caused by the role manager
feature not being enabled. Click the
button below to be redirected to a
page where you can choose a new data
store. The following message may help
in diagnosing the problem: Unable to
connect to SQL Server database.
I also clicked on the button to select a new data store, but there was only one default data store available.
i enabled my role manager tag to true,but again i am facing the same problem
Any process to configure the security tab would be helpful.
Use steps below:
Configure your database in order to maintain ASP.NET Application Services. You can see here how to do it
Edit your web.config file. See details here
Go to ASP.NET Configuration Tool under Website control and create required roles.
I've built a new sharepoint site page using the example I found here:
Link
The purpose of the page is to add a new user to the aspnet membership database that serves as the authentication provider for my sharepoint site, which uses forms based authentication.
I've slightly customized the asp createuser control.
The sharepoint site is forms based but the top level site is accessible anonymously, and I've created a subsite for members (hence the user registration page). The site page is in the top level site so that people can register.
If I'm already logged in and fill out the form, the user is successfully added to the membership store, however if I access the page anonymously and fill out the form, the user is successfully added to the membership database, but I can no longer navigate the website, I keep getting http 500 page cannot be displayed errors until I clear the browser cache and cookies.
I don't think it's a programming error but more likely something to do with site security and authentication
Once the user is created successfully and page is redirected to the one you provided in ContinueDestinationPageUrl property, the page is being loaded with the recently created user’s credentials. Since you haven’t added this new user to your MOSS site, you’ll get Access Denied error. So, in order to resolve this issue, you need to set LoginCreatedUser property of the control to false, so that page is loaded with the original user’s credentials, not with the one’s recently created.