Windows Plesk Hosting - Frequent 401(Unauthorised) error on Umbraco 11 backoffice requests - keeping User logged out
Hi,
Kindly note that we have deployed the plain Vanilla copy of Umbraco 11 in Windows Plesk hosting.
The Umbraco installation and all worked well but when trying to login into the back office, the backoffice api requests are met with 401(Unauthorised) error which is causing the user to instantly logout.
Please refer the below screenshot,
Has anyone faced similar issues with Plesk hosting? We already spoke with the hosting team and they have confirmed that every security firewalls have been disabled or bypassed from their end, but still the user session does not persist.
We had a similar issue with one of our sites - I think it was something to do with in-process/out of process hosting model.
I will check with my co-worker to see what we ended up doing to solve it.
One thing we noticed comparing it to a differnt "correctly" running application was that the auth cookies had different "expire at" times, even though they were set up identically.
Just had a quick catch up with my colleague and we remembered that the issue was related to the application picking up the underlying host's domain name for the application eg (something-really-ugly.myhost.com), while you are trying to access the site though your custom domain name.
we fixed it by adding the following to the Umbraco->CMS section of the appsettings file:
When Umbraco boots and this setting is not set, then the application guesses this based on the first request, setting this allows you to explicitly set the value.
We tried with the option you suggested but still the same issue persists. We replaced the 'UmbracoApplicationUrl' value with our domain URL.
Not sure if its an Umbraco bug or something. This is a pure vanilla copy with no custom code at all. The code works well on our internal servers but when deployed on the windows plesk hosting, this issue pop-out.
Let me know if you can remember any other action you took from your side to resolve the same.
The only other thing I remember we did around the same time was ensure that all properties in 'health check' dashboard were configured to have the green checkmark.
I am sure that our issue was related to the host application url (and potentially some ssl mismatch between the incorrect post url, and our login request)
Out of interest who are you hosting with? My last gasp idea would be to check the login cookie for signs of weird datetime/daylight savings 'off by an hour' issues
I had the same problem the last few days. In my case it was "ModSecurity", which wrongly classified access to the backend as malicious and blocked access. "ModSecurity" is the web application firewall that comes with Plesk as a module. Even though you wrote that the hosting team have disabled all security firewalls, maybe the hint will help others who also have problems with Plesk and Umbraco.
Windows Plesk Hosting - Frequent 401(Unauthorised) error on Umbraco 11 backoffice requests - keeping User logged out
Hi,
Kindly note that we have deployed the plain Vanilla copy of Umbraco 11 in Windows Plesk hosting.
The Umbraco installation and all worked well but when trying to login into the back office, the backoffice api requests are met with 401(Unauthorised) error which is causing the user to instantly logout.
Please refer the below screenshot,
Has anyone faced similar issues with Plesk hosting? We already spoke with the hosting team and they have confirmed that every security firewalls have been disabled or bypassed from their end, but still the user session does not persist.
Thanks in advance.
We had a similar issue with one of our sites - I think it was something to do with in-process/out of process hosting model.
I will check with my co-worker to see what we ended up doing to solve it.
One thing we noticed comparing it to a differnt "correctly" running application was that the auth cookies had different "expire at" times, even though they were set up identically.
Thanks James.
Waiting for your reply and hoping to get this resolved.
Just had a quick catch up with my colleague and we remembered that the issue was related to the application picking up the underlying host's domain name for the application eg (something-really-ugly.myhost.com), while you are trying to access the site though your custom domain name.
we fixed it by adding the following to the Umbraco->CMS section of the appsettings file:
When Umbraco boots and this setting is not set, then the application guesses this based on the first request, setting this allows you to explicitly set the value.
I hope this helps you!
Hello James,
Thanks for your efforts and suggestion.
We tried with the option you suggested but still the same issue persists. We replaced the 'UmbracoApplicationUrl' value with our domain URL.
Not sure if its an Umbraco bug or something. This is a pure vanilla copy with no custom code at all. The code works well on our internal servers but when deployed on the windows plesk hosting, this issue pop-out.
Let me know if you can remember any other action you took from your side to resolve the same.
Thanks
The only other thing I remember we did around the same time was ensure that all properties in 'health check' dashboard were configured to have the green checkmark.
I am sure that our issue was related to the host application url (and potentially some ssl mismatch between the incorrect post url, and our login request)
Out of interest who are you hosting with? My last gasp idea would be to check the login cookie for signs of weird datetime/daylight savings 'off by an hour' issues
Thanks James.
In addition to your suggestion to keep "WebRouting", we increased the "Timeout" also and it is working fine now.
Thanks for all your support.
Hi,
I had the same problem the last few days. In my case it was "ModSecurity", which wrongly classified access to the backend as malicious and blocked access. "ModSecurity" is the web application firewall that comes with Plesk as a module. Even though you wrote that the hosting team have disabled all security firewalls, maybe the hint will help others who also have problems with Plesk and Umbraco.
is working on a reply...