Access denied in EPiServer.PageBase.GetPage() after upgrading from CMS 5

Vote:
 

Hello,

We have a problem on a website that was migrated from CMS 5 to CMS 6.2. The problem occurs on pages that have acces set for certain user group (for example the group 'Press')

When a user is logged in and the user is part of the group 'Press', everything goes well. The page is displayed as expected.

When a user is not logged in and navigates to the page, everything goed as expected too. The OnPreLoad is fired, which checks the access rights, and the AccessDenied on the basePage is fired, since the user has no access rights.

When a user is logged in, but the user is not part of the goup 'Press', an AccessDenied exception is thrown. The page.OnPreLoad is not fired, and also base.AccessDenied is not fired. We only get the following exception (i have replaced the customer and companyname with [censor], for privacy reasons):

 

Access denied

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: EPiServer.Core.AccessDeniedException: Access denied

Source Error:

Line 1:  <%@ Page language="c#" AutoEventWireup="false" MasterPageFile="~/Templates/[censor]PublicWeb/MasterPages/Base.master" Inherits="[censor]PublicWeb.Templates.[censor]PublicWeb.Pages.Distributors" Codebehind="Distributors.aspx.cs" %>
Line 2:  
Line 3:  <asp:Content ID="Content1" ContentPlaceHolderID="head" Runat="Server">

Source File: d:\Dev\[censor]\trunk\source\[censor]\Templates\[censor]PublicWeb\Pages\Distributors.aspx Line: 1

Stack Trace:

[AccessDeniedException: Access denied]
   EPiServer.PageBase.GetPage(PageReference pageLink, ILanguageSelector selector) +354
   EPiServer.Web.PageExtensions.SaveCurrentPage.get_CurrentPage() +264
   EPiServer.PageBase.InitializeCulture() +127
   ASP.templates_[censor]publicweb_pages_distributors_aspx.__BuildControlTree(templates_[censor]publicweb_pages_distributors_aspx __ctrl) in d:\Dev\[censor]\trunk\source\[censor]\Templates\[censor]PublicWeb\Pages\Distributors.aspx:1
   ASP.templates_[censor]publicweb_pages_distributors_aspx.FrameworkInitialize() in c:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files\root\55ef35df\b0e415f6\App_Web_tevelj36.4.cs:0
   System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +55
   System.Web.UI.Page.ProcessRequest() +91
   System.Web.UI.Page.ProcessRequest(HttpContext context) +240
   ASP.templates_[censor]publicweb_pages_distributors_aspx.ProcessRequest(HttpContext context) in c:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files\root\55ef35df\b0e415f6\App_Web_tevelj36.4.cs:0
   System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +599
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +171


Version Information: Microsoft .NET Framework Version:2.0.50727.5456; ASP.NET Version:2.0.50727.5456

I find it strange that it only occurs when a user is logged in, but has insufficient access rights. I don't now how and where to fix this, since no page event is fired at all.

This was not a problem when the site was CMS5, but in the SDK it states that GetPage does not raise AccessDenied exceptions since version 5.2.375.236, but did before. To me, it looks the other way around...

http://sdk.episerver.com/library/cms5/html/M_EPiServer_DataFactory_GetPage_1.htm

 

Any help would be greatly appreciated!

Jasper

#60599
Aug 16, 2012 15:33
Vote:
 

The SDK you are refering to is DataFactory, but the exception is from the base class of the template (PageBase.GetPage) where we do actually check access rights. If the user is logged in we don't redirect to the login page but just throw to not hide a problem and let the error handling display a friendly message instead.

You may for example override GetPage in your template if you like to deal with this situation in some other way or call DataFactory directly to avoid the access check.

#60622
Aug 17, 2012 15:12
This thread is locked and should be used for reference only. Please use the Episerver CMS 7 and earlier versions forum to open new discussions.
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.