Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • RiMa 8 posts 119 karma points
    Jul 19, 2023 @ 12:29
    RiMa
    0

    Access Denied Path issue after recent security update

    After the recent security update, my umbraco 11 site no longer redirects to the 'no access' page specified in the AccessDeniedPath.

    services.ConfigureApplicationCookie(options => { options.LoginPath = "/login"; options.AccessDeniedPath = "/no-access"; });

    Do we know why or how to resolve this?

  • RiMa 8 posts 119 karma points
    Aug 07, 2023 @ 12:52
    RiMa
    0

    So, more information: we moved from Umbraco 11.2.2 to 11.4.2 during this security update on July 13, 2023. It seems that none of the ConfigureApplicationCookie settings are working now. I tried updating the ExpireTImeSpan - that is not working either.

    services.ConfigureApplicationCookie(options => { options.ExpireTimeSpan = TimeSpan.FromMinutes(480); options.LoginPath = "/login"; options.AccessDeniedPath = "/no-access"; });

    The member is still being logged out in 20 mins or so and if the member navigates to a page that they do not have access to, they see the IIS 403 page instead of this "no-access" page. Has anyone else seen this issue?

  • RiMa 8 posts 119 karma points
    Aug 09, 2023 @ 15:46
    RiMa
    100

    Resolved the access denied page issue by updating the ConfigureApplicationCookie code:

    services.ConfigureApplicationCookie(options => {

    options.LoginPath = "/login"; options.AccessDeniedPath = "/no-access"; options.Events.OnRedirectToAccessDenied = ctx => {

    // Explicit redirect is required to prevent Umbraco from overriding this behaviour with empty 403 response ctx.Response.Redirect(ctx.RedirectUri); return Task.CompletedTask; };

    });

    Also figured that the member was being logged out in 30 mins because we have a custom SSO authentication implementation, so we needed to add a custom Security Stamp Validator.

Please Sign in or register to post replies

Write your reply to:

Draft