Security roles seem broken on one site

I seem to have totally screwed up the security roles settings on one of my child portals. If I log in as the Master Admin for the parent portal, I have full access, but if I log in as a user who has been given edit access to a module, the instant I click on "Edit" or "Add" for the module (just about any standard DNN module), it either bounces the user back to the login page, or just clears their login as if they had never logged in.

I got to digging around, looking at various settings and somehow this portal's User Registration had been set to "none". I have no idea when that was done, but I do know that at one time everything was working correctly.

I have set registration back to public, tried deleting and re-registering users, removing all security roles and re-setting them up, everything I can think of but re-creating the site from scratch, (there's a fair amount of work on this site already--too much to start over).

Can anyone suggest what else to try?

This is a real bummer.
Jim


MS MVP ASP.NET [VC++/MFC emeritus]


Old Dog Learns New Tricks

Preferred programming language: cuneiform on clay tablets
0
JimRoss
9/27/2005 11:47:14 PM
asp.net.dotnetnuke 25171 articles. 0 followers. Follow

10 Replies
758 Views

Similar Articles

[PageSpeed] 40
Get it on Google Play
Get it on Apple App Store

Hmmm... looking further, it is even worse. Every site within this portal has been set to "none" on registration. I just tried creating a new portal and it came out "none" as well. 

Something has really trashed this whole installation, and I have a LOT of time and effort in it. Way too much to re-create at this stage of the game.

HELP.
Jim


MS MVP ASP.NET [VC++/MFC emeritus]


Old Dog Learns New Tricks

Preferred programming language: cuneiform on clay tablets
0
JimRoss
9/28/2005 12:12:41 AM
Is this all running locally, or in a production (server test) environment?
ChrisHammond.com
Engage Software
0
christoc
9/28/2005 3:51:17 AM
I am having a very similar problem...

The problem occurs any time I am logged in as the admin account on one particular portal.  If I edit any module that uses a texteditor control, as soon as I click "update", the user is logged off and sent to the login screen.  The problem does not occur when logged in as host.   It does not occur when editing a module that does not use a texteditor control.  I can add/delete modules from the page just fine.  The problem also does not occur when logged in as an admin on another portal on the same installation.
0
mathisjay
9/28/2005 1:36:19 PM

 christoc wrote:
Is this all running locally, or in a production (server test) environment?
It's a "pre-release" site, running on a commercial host (ServerIntellect). I do not think the problem is with the host, I think it's something in the security settings within DNN.

 

 


Jim


MS MVP ASP.NET [VC++/MFC emeritus]


Old Dog Learns New Tricks

Preferred programming language: cuneiform on clay tablets
0
JimRoss
9/28/2005 2:24:39 PM
 mathisjay wrote:
I am having a very similar problem...

The problem occurs any time I am logged in as the admin account on one particular portal.  If I edit any module that uses a texteditor control, as soon as I click "update", the user is logged off and sent to the login screen.  The problem does not occur when logged in as host.   It does not occur when editing a module that does not use a texteditor control.  I can add/delete modules from the page just fine.  The problem also does not occur when logged in as an admin on another portal on the same installation.
If by "update" you mean click on the "edit" text or symbol, then that is exactly what is happening to me, but on non-Admin accounts.
Jim


MS MVP ASP.NET [VC++/MFC emeritus]


Old Dog Learns New Tricks

Preferred programming language: cuneiform on clay tablets
0
JimRoss
9/28/2005 2:38:22 PM
Does this happen for ANY module type?

Also, my problem seems to have started with new portals created after I upgraded to 3.1.1.  Portals on the same installation that were created pre-3.1.1 are still working just fine.  Very wierd.
0
mathisjay
9/28/2005 2:58:29 PM
 mathisjay wrote:
Does this happen for ANY module type?

Also, my problem seems to have started with new portals created after I upgraded to 3.1.1.  Portals on the same installation that were created pre-3.1.1 are still working just fine.  Very wierd.
My installation was 3.1.1 from the beginning. I am seeing this same effect in the Announcements module -- click on edit an announcement or Add an announcement and it logs out the user.

In reconstructing what happened, here is my "best guess"  I haven't tried to repro it yet.

I have a parent portal and a number of child sites. I think that in one of my brilliant moments I decided that I didn't want users registering on the parent portal, only on the child sites, so I set Registration to "none" on the parent portal. I _think_ this is what broke everything. I _think_ that the "none" propagated out to the child portals, and when that happened, it broke the hookups between roles, users, role assignments to users and module edit permissions.

I have managed to get one of the child sites working correctly again by re-registering all users, re-creating all roles, re-setting user role assignments, then removing and re-creating all of the pages that were behaving this way. It was a LOT of work.

If I'm right in what caused it, we have uncovered a MAJOR Gotcha in DNN. Fortunately, this whole collection of sites is mostly just a concept right now that will not see real production use for at least a month, but it had me tearing my hair (and other things) out last evening.
Jim


MS MVP ASP.NET [VC++/MFC emeritus]


Old Dog Learns New Tricks

Preferred programming language: cuneiform on clay tablets
0
JimRoss
9/28/2005 3:15:49 PM

I have just discovered my problem was specific to child portals and using the telerik r.a.d.editor.  The core problem was that users on the child portal were not users on the parent portal.  If I went and recreated the user account on the parent portal, the problem went away.  Obviously, not a good long-term solution. 

I was able to work around the problem by removing one of the plug in modules from the editor, however it did expose an issue that there is some process whereby child portals are trying to reference portal membership or perhaps security roles for the parent portal. 

Does your issue only happen on child portals?

0
mathisjay
9/28/2005 4:21:49 PM
 mathisjay wrote:

I have just discovered my problem was specific to child portals and using the telerik r.a.d.editor.  The core problem was that users on the child portal were not users on the parent portal.  If I went and recreated the user account on the parent portal, the problem went away.  Obviously, not a good long-term solution. 

I was able to work around the problem by removing one of the plug in modules from the editor, however it did expose an issue that there is some process whereby child portals are trying to reference portal membership or perhaps security roles for the parent portal. 

Does your issue only happen on child portals?

So far I haven't tested it on the parent, but one thing I'm sure of -- I am not using the Telerik editor, I'm using the standard "free text box"

This is a major bummer. I had the home page on the child where this originally turned up, but now it is happening again.

I did try adding the user to the parent portal, and that seems to have corrected the problem, but what a bad news bandaid.


I wonder if there's any way to escalate this?

Jim


MS MVP ASP.NET [VC++/MFC emeritus]


Old Dog Learns New Tricks

Preferred programming language: cuneiform on clay tablets
0
JimRoss
10/1/2005 12:29:59 AM

I have now tested this problem on another portal, and things seem to be working OK there. To recap:

On a "properly" working installation, it is possible to add users to a child portal and give them "edit" access to modules and all works as one would expect -- the user logs in and is able to edit the modules to which they have access.

But on some installations (mine, for example), a user must be set up on both the main portal and the child in order to edit on the child. If they are not, when they click any "action" button (edit content, add announcement, etc), or even move from one page to another where they should have edit permissions, they are instantly logged out. Something has gone bad in the database where these users are being managed.

Once a parent is "broken" this way, it also seems that newly added portals exhibit the same behavior.

The one clue I have is that on my installation, I changed the main portal to "no registration". The problem seems to have started there. That change seems to have propagated down to the child portals, and now it doesn't matter that I have set everything back to "public registration".

One user has reported that it seems related to the Telrick rad editor, but my installation is not using that editor, so I think there is something else going on here.

At any rate, one thing is for sure -- until the core team figures this out, NEVER SET YOUR PARENT PORTAL TO NO REGISTRATION.


Jim


MS MVP ASP.NET [VC++/MFC emeritus]


Old Dog Learns New Tricks

Preferred programming language: cuneiform on clay tablets
0
JimRoss
10/4/2005 1:00:38 PM
Reply:

Similar Artilces:

returning from secure site to non secure site
Hi, I want to return from secure site to non secure site using Response.Redirect method but it stays in secure site dowsn't redirect to non https site. How can I fix this problem, and why it is a problem. Kind regards,Fatih UÇAR To redirect between a SSL site to a non SSL site, you have to specify the full qualified url (including the protocol) as the parameter for response.redirect. For example: Response.Redirect("http://.....") or Response.Redirect("https://.....") Thanks zhuhua for your answer yes I have specified fully qualified name that's why an alert box appears by i...

One user's advanced search seems to be broken, while all other's seem to be fine
Greetings, Following upgrade from 2.22.3 -> 3.0.3, one user (a manager of course), noticed that all his advanced searches were returning zarro boogs. If I perform those same queries, I get the proper results. If I email him the URL for the results of that query he sees the proper results. Additionally, I cannot seem to "impersonate" this user, though I can any others. He was in the admin group, but I've removed him from that group. This is on RHEL3 with Perl 5.8.0 Any sugguestions on how to track down the cause of this would be most helpful. Thanks, B...

When loading gmail must always "reload" once unless using the secure loading site. When using the secure loading site loading takes four times as long. So I don't use the secure loading site, I just
Name: Dwight Metcalfe Email: dwmet1atgmaildotco Product: Firefox Summary: When loading gmail must always "reload" once unless using the secure loading site. When using the secure loading site loading takes four times as long. So I don't use the secure loading site, I just "reload" the other site once automatically just to save time. Hmmmmmmmm. Comments: Only been doing that about a month. Browser Details: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3 From URL: http://hendrix.mozilla.org/ Note to reade...

Duplicate Security Roles Showing up In Security Roles Manager
Anyone have any ideas?  We have had and instance of 3.0.13 with one child portal running for about a month now.  A few days ago our adminstrator noticed that we have duplicate entries for security roles. For example, the Security Roles Manager shows:Name Description Fee Every Period Trial Every Period Public Auto   Administrators Portal Administration         False False   Administrators Portal Administration         False False  Registered Users Registered Users    &n...

site to site VPN with one static IP and one dynamic
I would like to know if it is possible to do a site to site VPN using Bordermanager 3.6 (the version that comes with SBS 6.0), on both locations. One location has a static IP address and the other one is dymamic. One additional problem I have is that both these Bordermanager servers are behind a NAT device. Can this be done? Thank you. Bob Harpur wrote: > One additional problem I have is that both these Bordermanager servers are > behind a NAT device. This is your show stopper for sure. Can't do that with BM36. -- Lance Reynolds, CNE Can this be done ...

The new Firefox 3.5
Name: Daniel Email: bossennewpatgarrifuliodotmailexpiredotcom Product: Firefox Summary: The new Firefox 3.5 - when using same username for different sites with different passwords, when I save the password on one site, the one in the other site changes too. Comments: The new Firefox 3.5 - when using same username to log on to two different websites with different passwords, when I save the password on one site, the one in the other site changes too. I cannot save different passwords for same username on different sites. Hope you can fix this. Keep up the good work. Brow...

How Do I: Secure my Site using Membership and Roles?
I was following the subject video in Web Developer 2005 Express and I experienced two problems I have been unable to resolve.  In the Create User Wizard object, when I drop the object in the page and run a test, it works fine.  But when I add the custom WizardStep as in the video, and rerun the test, the only step to appera is the custom step--the initial and final steps no longer appear.  I have rerun this development step a couple of time following the video action by action with the same result.  Any idea what is going wrong.  Later in the same video there is a ...

.NET site sub-dir of .NET site, TemplateSourceDirectory returns null
Hello, Should be an easy answer for anyone familiar with .NET hosting / IIS / permissions...  Please help! This site was working for going on 2 years, build in VS 2003, minus unexpected system crashes, config changes, incompatible upgrades, etc. done by my hosting company (I will be moving soon!)  Yes, I am re-writing with master pages and the works in 2005 - but would like to get the old site up until I can publish the new one. I have a main site as, for example:  mysite.com/I have admin site as a sub-dir of my base site. physically literally a sub directory named securedi...

Site Security is Broken under IIS7 but not IIS6
Hi, Sorry, but i posted something in the security forum, but nobody seems to check there. Hopefully I can get some responses here. I just moved my app to iis7 and i am now getting this error. Everything worked fine under iis6. Now my security is completely broken. i'll include a snippet of code of my custom identity and the error. Any help would be greatly appreciated. Thank you. error: Unable to cast object of type 'System.Web.Security.FormsIdentity' to type 'cbgIdentity' "Return CType(HttpContext.Current.User.Identity, cbgIdentity).Roles.Co...

Advanced .NET only
Note - sorry about the double post, but I dont know if this a client side problem or a scurity problem. I have a page that has a search datagrid on it (search.aspx). This datagrid has a hyperlink column where you can view more details on each of the row entries (by going to details.aspx and passing the id through the URL field) Preety standard stuff so far, but...... I created a back button on the details.aspx page so that the user can go back to the search page. This works great on my Windows 2000 Professinal machine with IE version 6.0.2800. So I put this onto my server. It st...

no security lock on secure site
Name: David Armitage Email: gda141atgmaildotcom Product: Firefox Summary: no security lock on secure site Comments: I have version 3.0.1 Firefox and it is not displaying red & yellow change in the address bar or the lock symbol when I'm on a secure site. Is there a problem with this version of Firefox or do I have a security problem on my machine? I'm using both Norton and Adware security software. Thanks Dave Armitage Browser Details: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1 From URL: http://hendrix.moz...

security for Statemanagement in Secure site
Hi All,   Can anybody tell me what type of security regarding stateManagement should we take while developing secure site.  Thanks in advance   Regards Shreeniwas...

Broken, Broken, Broken
Name: Randy Jones Email: rjonesatisfladotcom Product: Firefox Summary: Broken, Broken, Broken Comments: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1 1)Cannot sort by name my bookmarks; 2) When trying to "fly down" to a bookmark, the menus reqularily close and I have to start over; 3) What happened to address history at the right end of the address bar. You have obviously made this browser "pretty" but it is broken, broken, broken. Browser Details: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.9....

Transfer value from one site to another securely
Hi all, I have a situation where I need to transfer a value from one web application to another web application on another server. I do not want to use query string because I do not want the transferred valued to be seen. I need to make it secure as possible. Once the value gets to the other site, it will be read and used to lookup information. Thanks Alexander You can enrypt the query string value before passing it. And later you need to decrypt it to get actual value. Visit @ Encrypt Password Field in SQL Server, Registry Information & Query String~ Firoz AnsariPune, In...

Web resources about - Security roles seem broken on one site - asp.net.dotnetnuke

Krebs on Security
The House Financial Services Committee is slated to hold a hearing this Friday on the impact of cyber heists against small- to mid-sized businesses. ...

Security Middle East - Latest news from the Middle East.
Security Middle East is a news portal for the entire security industry, focussed specifically on latest security news from the Middle East. Security ...

Information Security News, IT Security News & Expert Insights: SecurityWeek.Com
IT Security News and Information Security News, Cyber Security, Network Security, Enterprise Security Threats, Cybercrime News and more. Information ...

Security (finance) - Wikipedia, the free encyclopedia
equity securities, e.g., common stocks ; and, The company or other entity issuing the security is called the issuer . A country's regulatory ...

Online account security: lazy authentication is still the norm
Even in the high-tech world of 2016, crims will be able to side-step your account security by making a phone call and saying they're you.

Stadium security beefed up in wake of Paris attacks, Sydney FC boss says
Security at Australian stadiums has been increased in the wake of terror attacks in Paris, the CEO of the Sydney FC football club said on Sunday. ...

China vows to safeguard food security amid reforms: Xinhua
China vows to safeguard food security amid reforms: Xinhua AG Week BEIJING - China will take steps to ensure sufficient food supplies as it ...

Security increased in Vienna after alert of potential attack
Firstpost Security increased in Vienna after alert of potential attack Boston Herald Police in Vienna, Austria, have stepped up security precautions ...

Rubio-Bush War Intensifies With Ad Hitting Marco’s Choice To Fundraise While Skipping Security Briefings ...
Rubio-Bush War Intensifies With Ad Hitting Marco’s Choice To Fundraise While Skipping Security Briefings

Residents In Nine States Could Need A Second Form Of ID To Pass Through Airport Security Next Year
Ten years ago, Congress passed the REAL ID Act, which set minimum security standards for state-issued driver’s licenses and photo IDs. While ...

Resources last updated: 12/30/2015 11:25:57 AM