i have a page with role based protection that redirects to a log in page to view it
about three times in the past couple of weeks it's just disapeared and anyone can view the page without being redirected to the login page
obviously this could easily be user error but other than a user right clicking on the node and choosing public access and then clearing the settings i can't think of a way this user error could happen
is there any other way this could be getting cleared?
the strange thing is there are quite a few nodes that have public access role protection set but it is only one that keeps changing - and this node inherits it from the node above it
I have just removed role based protection from a site. However it is still running.
This is quite a major issue as it means the site won't serve unless a member is logged in, okay well thats not so bad right? But no, it gets worse! Yes WORSE! OMFG!!! The role based protection seems to be applying its self across any HTTP request apart from files in the /Umbraco/ file. So it is also protecting the /umbraco_client/ folder, which means the backoffice loads with out any icons, which is ggggggreat (as a sarcastic tony the tiger would say!)
So Laurence what have you tried to fix this problem? Well let me see...
Removing Role based Protection.
Turning Role based Protection On and Off again.
Removing all cookies and cache.
Deleting the Login Node
Removing the Login Node from the Recycle Bin
Deleting the Template which contains the Login Logic
Removing the associated members/member groups/member types.
Delete the Umbraco.xml file,
Recycled App Pool & Reset IIS
Anyone have any idea which DB table/column would be storing this information, so I can manually reset it and get my lovely site back up!
Hmm interesting. I have deleted theses settings leaving just the root nodes in place (<access></access>).
Even more odd behaviour now, the root page of the site, stills tries to redirect to the login page (which doesn't exist), so throws a custom 404 error (which is managed via Umbraco).
I can browse the website and view pages, however any request to a folder such as /media/, /images/, /scripts/, /css/ get redirected to what was the login page (which now doesn't exist), along with a query string containing the URL of the page request.
Mad busy afternoon, but when I get some time I will document the steps you can take to completely kill an Umbraco install. Human error had its part to play.
I too am experiencing problems with the role based protection disappearing.
I have a site running 4.0.2.1 and also a site running 4.5.2 - on both of these the protection is disappearing.
On the older version I do have the "noRightsPage" set to the same node ID as the page as per below, so wonder if this causes a sparodic problem. Being an older site the config file is data/access.xml
With the 4.5.2 version I did find some nodes in the access.config file that no longer existed within the site. I have no idea how they got there, but have now removed them.
Can anyone provide comment on the above. Maybe these 2 findings can serve as a possible starting point to try and identify why the protection is disappearing...
Strange. The public access restriction is lost on root node (1050) when I restart web app. The acces.config looks perfect. If I update Public access (via Umbraco backend) the files gets updated as expected and public access restrictions works again. Until restart.
role based protection disappearing
i have a page with role based protection that redirects to a log in page to view it
about three times in the past couple of weeks it's just disapeared and anyone can view the page without being redirected to the login page
obviously this could easily be user error but other than a user right clicking on the node and choosing public access and then clearing the settings i can't think of a way this user error could happen
is there any other way this could be getting cleared?
I've noticed when I change the Roles (names only) in my database the Public Access settings of it get reset.
But I don't think you're changing those. :)
the strange thing is there are quite a few nodes that have public access role protection set but it is only one that keeps changing - and this node inherits it from the node above it
I have just removed role based protection from a site. However it is still running.
This is quite a major issue as it means the site won't serve unless a member is logged in, okay well thats not so bad right? But no, it gets worse! Yes WORSE! OMFG!!! The role based protection seems to be applying its self across any HTTP request apart from files in the /Umbraco/ file. So it is also protecting the /umbraco_client/ folder, which means the backoffice loads with out any icons, which is ggggggreat (as a sarcastic tony the tiger would say!)
So Laurence what have you tried to fix this problem? Well let me see...
It would appear lists don't work, sorry! Didn't mean to take up so much space. Lx
The "Public Access" permissions are stored in the ~/App_Data/access.config file (it's a simple XML structure).
As for why it would disappear - could it have been overwritten? or missing out of a deployment/migration?
It shouldn't impact access to the ~/umbraco, ~/umbraco_client folders ... unless you've got some security feature enabled at IIS-level?
Cheers, Lee.
Hmm interesting. I have deleted theses settings leaving just the root nodes in place (<access></access>).
Even more odd behaviour now, the root page of the site, stills tries to redirect to the login page (which doesn't exist), so throws a custom 404 error (which is managed via Umbraco).
I can browse the website and view pages, however any request to a folder such as /media/, /images/, /scripts/, /css/ get redirected to what was the login page (which now doesn't exist), along with a query string containing the URL of the page request.
All in all very odd! Lau
(nothing fancy going on with IIS either, just a standard out the box 2008 enterprise install, .net4.0, etc)
Tried also deleting the access.config file, it gets recreated as <access />
Arse.
Have now tried unpublishing the root page and then republishing, throws a 'root element does not exist' error, but does manage to publish the page. Lx
The error looks like this... (aww it's lovely)
Fixed! (: Horrah.
Mad busy afternoon, but when I get some time I will document the steps you can take to completely kill an Umbraco install. Human error had its part to play.
Hi
I too am experiencing problems with the role based protection disappearing.
I have a site running 4.0.2.1 and also a site running 4.5.2 - on both of these the protection is disappearing.
On the older version I do have the "noRightsPage" set to the same node ID as the page as per below, so wonder if this causes a sparodic problem. Being an older site the config file is data/access.xml
With the 4.5.2 version I did find some nodes in the access.config file that no longer existed within the site. I have no idea how they got there, but have now removed them.
Can anyone provide comment on the above. Maybe these 2 findings can serve as a possible starting point to try and identify why the protection is disappearing...
Thanks
Nigel
Strange. The public access restriction is lost on root node (1050) when I restart web app. The acces.config looks perfect. If I update Public access (via Umbraco backend) the files gets updated as expected and public access restrictions works again. Until restart.
Running Umbraco 4.7.0
Clues?
The access.config looks like this:
<access>
<page id="1050" loginPage="1060" noRightsPage="1115" simple="False">
<group id="Registration" />
<group id="Administration" />
<group id="Production" />
<group id="Approval" />
<group id="Export" />
</page>
<page id="1051" loginPage="1060" noRightsPage="1060" simple="False">
<group id="Registration" />
<group id="Administration" />
</page>
<page id="1052" loginPage="1060" noRightsPage="1060" simple="False">
<group id="Administration" />
<group id="Production" />
</page>
<page id="1053" loginPage="1060" noRightsPage="1060" simple="False">
<group id="Administration" />
<group id="Approval" />
</page>
<page id="1077" loginPage="1060" noRightsPage="1060" simple="False">
<group id="Administration" />
</page>
<page id="1155" loginPage="1060" noRightsPage="1060" simple="False">
<group id="Export" />
</page>
</access>
/Jesper
Sorry bout the formatting ...
had another strange thing with this yesterday
i have a single password protection on a site
and i changed the password
no matter what i do (remove public access protection, change password) the password stays the same
is working on a reply...