Umbraco 7.2.8 + Teacommerce 3.0.3 Security Exception on Edit Store
I've installed a fresh install of Teacommerce 3.0.3 and a fresh install of Umbraco 7.2.8 however whenever I go to the edit store page for the store I have setup, I get a YSOD as follows, any ideas?
Server Error in '/' Application.
Security Exception
Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.
Exception Details: System.Security.SecurityException: Security error.
Source Error:
[No relevant source lines]
Source File: c:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\root\6e6a9604\30221736\App_Web_editstore.aspx.a6caedcd.hddwenkb.0.cs Line: 0
Stack Trace:
[SecurityException: Security error.]
TeaCommerce.Umbraco.Application.Views.Stores.EditStore.OnInit(EventArgs e) +1471
System.Web.UI.Control.InitRecursive(Control namingContainer) +186
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +12309539
System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +12309057
System.Web.UI.Page.ProcessRequest() +119
System.Web.UI.Page.ProcessRequest(HttpContext context) +99
ASP.app_plugins_teacommerce_views_stores_editstore_aspx.ProcessRequest(HttpContext context) in c:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\root\6e6a9604\30221736\App_Web_editstore.aspx.a6caedcd.hddwenkb.0.cs:0
System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +913
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +165
Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.34248
What does Source File: c:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\root\6e6a9604\30221736\AppWebeditstore.aspx.a6caedcd.hddwenkb.0.cs Line: 0
Ok, I think I sussed it out, though I did have to slightly violate the licensing agreement a little :) (Any update on whether TC will be open sourced? ;))
So it looks like the issue is with the EditStore code behind, in that, it uses a PermissionService to determine whether the current logged in user has permission to edit the store. But the problem is, the Permissions property (which is populated by via the PermissionsService) is populated at the time of instantiation for the EditStore class, which at this point, the current logged in user is not yet set (which PermissionService uses to lookup the Permissions to return), and so the page thinks "there is no user, and so you don't have permission"
This doesn't seem to be a problem on other views because the Permissions property is populated during the OnInit call which gives Umbraco enough time to set the current User and so works as expected.
My guess at a fix would be to move the population of the Permissions property to be within the OnInit function like the other pages so that the current user can be set.
Umbraco 7.2.8 + Teacommerce 3.0.3 Security Exception on Edit Store
I've installed a fresh install of Teacommerce 3.0.3 and a fresh install of Umbraco 7.2.8 however whenever I go to the edit store page for the store I have setup, I get a YSOD as follows, any ideas?
What does Source File: c:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\root\6e6a9604\30221736\AppWebeditstore.aspx.a6caedcd.hddwenkb.0.cs Line: 0
Contain?
Scratch that, look here https://our.umbraco.org/projects/website-utilities/tea-commerce/tea-commerce-support/63771-Security-exceptions-after-upgrading-Umbraco-to-724
Already tried that, didn't fix it (emptied temp files, restarted IIS, etc) :(
Ok, I think I sussed it out, though I did have to slightly violate the licensing agreement a little :) (Any update on whether TC will be open sourced? ;))
So it looks like the issue is with the EditStore code behind, in that, it uses a PermissionService to determine whether the current logged in user has permission to edit the store. But the problem is, the Permissions property (which is populated by via the PermissionsService) is populated at the time of instantiation for the EditStore class, which at this point, the current logged in user is not yet set (which PermissionService uses to lookup the Permissions to return), and so the page thinks "there is no user, and so you don't have permission"
This doesn't seem to be a problem on other views because the Permissions property is populated during the OnInit call which gives Umbraco enough time to set the current User and so works as expected.
My guess at a fix would be to move the population of the Permissions property to be within the OnInit function like the other pages so that the current user can be set.
Now if only I could issue a PR ;)
Matt
Hey TC,
When do you plan to release an official fix for this?
Cheers,
Tom
I'm having this problem after upgrading to 7.2.8. Any fix on the way?
Hi there,
We also have the same problem in Umbraco 7.2.8 with 3.x versions of Teacommerce (we have tried all).
We have tried everything suggested such as clearing the ASP.Net cache, and even restarting the server. Have also tried setting High Trust on security.
Is there a solution or workaround to this problem?
Thanks, Peter
is working on a reply...