We have moved to GitHub Issues
You are viewing the read-only archive of Umbraco's issue tracker. To create new issues, please head over to GitHub Issues.
Make sure to read the blog posts announcing the move for more information.
Created by somu 31 Jul 2017, 07:54:31 Updated by Dan Booth 18 May 2018, 13:58:25
Hi all,
I have a rich text editor inside of the grid layout control. All works correctly until I try to insert an image and save at which point I get this error on backoffice:
Authorization error: Unauthorized access to URL: /umbraco/backoffice/UmbracoApi/Content/PostSave
We are running version 7.5.11 in a azure environment. Absolutely any recommendations on what I can try? I'm running out of ideas. It happens only in the site which runs over https. If i run the site over http and save, there is no problem.
2 Attachments
Did you set umbracoUseSSL="true"
in web.config?
Hi @sebastiaan
Yes. umbracoUseSSL is set as true in web.config.
Alright, I'm very sorry, but I haven't heard anyone else having this problem.
Make sure to head over to the forums for help with this: https://our.umbraco.org/
Thank you @sebastiaan. I already posted this issue in forums (https://our.umbraco.org/forum/using-umbraco-and-getting-started/87016-back-office-error-over-https-site) but don't get any solution or even reply from anybody. :(
@infoapp2013 assigning an issue to me is not going to get it resolved. If you wish to get to the bottom of your issue you'll need to provide far more details:
Anytime you submit a bug or ask for help these things will make it far more likely that people will be able to help you out. As Sebastiaan mentioned, nobody has seen this issue before so chances are it's environment specific or something odd bit of code, plugin or settings that is causing the problem.
@Shandem Thanks for giving the options. will try and come back.
@Shandem
I don't get this error in a clean install on a different environment also our client's don't want to upgrade the version before the answer for the below message from Umbraco support.
When i hit save and see the console in the browser, i got the error like in the attached screenshot, and when i click the link /umbraco/backoffice/UmbracoApi/Content/PostSave, It returns the json message like {"Message":"The requested resource does not support http method 'GET'."}. I changed all the url's which are pointing http to https.
I'm not restricting permissions to any node to users. I am using a macro for just submitting the Contact information to database and i removed the macro but no luck.
Could you please respond asap.. Thanks.
@infoapp2013 If you have a support contract with us then please get in touch through our support channel: https://shop.umbraco.com/profile/options/get-help-and-support/support-for-your-umbraco-pro-websites/
Other than that, as you've noticed, on a clean install this problem does not occur, so there seems to be a problem with your configuration or code. However, since nobody else has this problem I will close this issue as "Cannot Reproduce". Please do not re-open this issue unless you have steps to reproduce this problem on a clean Umbraco install.
Hello, I also have this problem on Azure as well. It is on a clean version of Umbraco version 7.6.5 assembly: 1.0.6428.37121 on an original 7.5.12 database that was updated as part of the install.
The website is behind a Microsoft Application Gateway/WAF so I cant use UmbracoUseSSL to true as no https traffic is being sent behind the firewall. https is converted to http on the firewal, and vice versa.
Also I need to set debug = false in web.config in order to login as I think there are some errors ClientDependency whether this is relevant or not I dont know.
thanks Nigel
Here are some errors if this helps. (TypeError: Cannot read property 'length' of undefined)
backoffice/UmbracoApi/Member/PostSave 403 () (anonymous) @ VM507:1 (anonymous) @ angular.min.js?cdv=167830318:106 o @ angular.min.js?cdv=167830318:102 g @ angular.min.js?cdv=167830318:100 i @ angular.min.js?cdv=167830318:79 i @ angular.min.js?cdv=167830318:79 (anonymous) @ angular.min.js?cdv=167830318:80 $eval @ angular.min.js?cdv=167830318:92 $digest @ angular.min.js?cdv=167830318:90 $apply @ angular.min.js?cdv=167830318:92 (anonymous) @ angular.min.js?cdv=167830318:156 dispatch @ jquery.min.js?cdv=167830318:3 r.handle @ jquery.min.js?cdv=167830318:3 angular.min.js?cdv=167830318:63 TypeError: Cannot read property 'length' of undefined at Object.getAllProps (umbraco.services.js?cdv=167830318:962) at Object.reBindChangedProperties (umbraco.services.js?cdv=167830318:1091) at umbraco.controllers.js?cdv=167830318:9250 at o (angular.min.js?cdv=167830318:80) at angular.min.js?cdv=167830318:81 at Object.$eval (angular.min.js?cdv=167830318:92) at Object.$digest (angular.min.js?cdv=167830318:90) at Object.$apply (angular.min.js?cdv=167830318:92) at j (angular.min.js?cdv=167830318:101) at r (angular.min.js?cdv=167830318:104)
I can only suggest that there is something awry with you configuration of Microsoft Application Gateway/WAF. I assume you've tested that it works when it's not behind this? Bumps you CDF version in the clientdependency.config file too just in case
Thanks for the reply. When I access Umbraco back office directly (bypassing the firewall) I still need to have debug set to true, and UmbracoUseSSL = False. When debug is set to false (going directly) you can still see the login screen but none of the css etc gets loaded. I expect this is a client dependency issue. The Clientdependency url is in the source code of the page and it can be accessed but gives a 403 forbidden error message.
I think the ClientDependency is causing the issue logging in.
I have set bundleDomains etc in ClientDependncy.config and a
I have upgraded to Umbraco version 7.6.6 assembly: 1.0.6456.19226 and the issue seems to be the same.
is there any way to turn ClientDependency off without setting debug=true?
the public facing website works perfectly.
to summarise, the issues are, I can only login when debug=true, I can only amend content when bypassing firewall.
No there's not a way to do that with CDF. Have you change CDF config at all from it's original? Can you try using the original config that is shipped with Umbraco? Did you also bump the CDF config version value?
Hi Shannon, yes I added in some bundleDomains into the CDF config. I have restored it to the original file, stopped WWW service, cleared cache, and incremented version +1, then rebooted server.
With debug=false I still get a white screen when hitting the back office url.. When browsing to the https://
403 - Forbidden: Access is denied. You do not have permission to view this directory or page using the credentials that you supplied.
I can login when debug=true. but then dont have permission to save or add any thing. eg On the Developer Dashboard I get the following error dashboard/feedproxy.aspx?url=http://umbraco.tv/videos/developer/chapterrss?sort=no Failed to load resource: the server responded with a status of 403 ()
I have tried with and without umbracoUseSSL = true/false and with debug = true/ false. thanks
if it's a 403 then something is denying the request to DependencyHandler. This isn't something to do with CDF, it something that is configured to deny that request. I'd advise just debugging paths such as that to see what is causing 403. Maybe you have some formsauth paths configured to deny certain things, or maybe it's something else. As always, try to do this with a vanilla Umbraco site and when that works, you'll need to figure out what you've changed in your app/config to make it stop working.
Does anyone know a fix for this?
@shearer3000 I am getting this problem too. The files work fine when I request them through the browser directly. It's only in Azure when the ClientDependancyhandler requests them that it has a problem.
Hi, I found this in web.config, which I believe was causing this issue (it's a site I have been brought in to debug, not one of my own builds):
Hi @RichHamilton we don't have these settings in our Umbraco web.config but we are getting the same error over https like everyone else.
I plan to setup a clean install of Umbraco on Azure over the forthcoming days to see if its present or not.
@Shandem @RichHamilton I have tried this on a clean install of Umbraco 7.7.7 Set up on Azure VM 2016R2 with SQL Azure DB. It works for http, but once I try https, I can no longer log in. When I try to login, I get a 404 Error.
backoffice/UmbracoApi/Authentication/PostLogin
)]}', {"Message":"The requested resource does not support http method 'GET'."}
There are no IP restrictions in place on the Umbraco folder.
This may be interesting, I can login on http, change URL in browser to https and I can then save content etc without error.. would this be connected to the original authentication at login?
Nigel, did you remember to set umbracoUseSSL
to true
when you switched over to https?
Hi @sebastiaan yes i tried it both with and without that setting.. or do you mean login with http, set umbracoUseSSL to true then change to https? thanks
Logging in over https will with that setting set to true or false, but if it's set to true the cookie will only be submitted over https. If you try to do anything over http, you will get errors. Make sure to add a redirect to https as well for everything, that might help.
For more info, see: https://cultiv.nl/blog/so-you-want-to-secure-your-umbraco-site/
In any case, there seems to be some kind of misconfiguration on your machine as this all works all the time on hundreds of sites on Umbraco Cloud (actually thousands, since they all use https on their UC url).
I don't know what the misconfiguration is though, mystery.
I've seen problems like this before if the webdav module is installed, make sure to remove it using web.config (we ship this by default, but just checking):
And I hope your system.webServer/handlers still contains the following:
Just for anyone else that comes across this issue, we experienced this exact issue today in a website deployed to Azure with the settings mentioned by @RichHamilton in our web.config - removing these resolved the issue immediately.
Hi, I was wondering if anyone else had the same issue on Azure with a VM sitting behind a web application firewall.
I have implemented a clean version of Umbraco. (7.10.4)
UmbracoUseSSL = True
I have got around the login page showing, by removing the fileDependencyExtensions in ClientDependency.config
so I can now at least login.
However, I am unable to save anything. I get the following errors Failed to load resource: the server responded with a status of 400 (Bad Request) /backoffice/UmbracoApi/Authentication/PostLogin
Failed to load resource: the server responded with a status of 403 (ModSecurity Action /backoffice/UmbracoApi/Content/PostSave
Within the logs are the following entries.
2018-04-30 18:27:11,851 [P3656/D7/T26] INFO Umbraco.Core.Security.BackOfficeSignInManager - Event Id: 0, state: Login attempt succeeded for username myemailaddress@domain.com from IP address 10.2.0.4 2018-04-30 18:27:11,851 [P3656/D7/T26] INFO Umbraco.Core.Security.BackOfficeSignInManager - Event Id: 0, state: User: myemailaddress@domain.com logged in from IP address 10.2.0.4 2018-04-30 18:27:12,773 [P3656/D7/T26] ERROR Umbraco.Web.WebApi.Filters.AngularAntiForgeryHelper - Could not validate XSRF token System.Web.Mvc.HttpAntiForgeryException (0x80004005): The provided anti-forgery token was meant for user "", but the current user is "myemailaddress@domain.com". at System.Web.Helpers.AntiXsrf.TokenValidator.ValidateTokens(HttpContextBase httpContext, IIdentity identity, AntiForgeryToken sessionToken, AntiForgeryToken fieldToken) at System.Web.Helpers.AntiXsrf.AntiForgeryWorker.Validate(HttpContextBase httpContext, String cookieToken, String formToken) at Umbraco.Web.WebApi.Filters.AngularAntiForgeryHelper.ValidateTokens(String cookieToken, String headerToken)
2018-04-30 18:49:47,526 [P3656/D13/T27] INFO Umbraco.Core.Security.BackOfficeSignInManager - Event Id: 0, state: Login attempt succeeded for username myemailaddress@domain.com from IP address 10.2.0.5
2018-04-30 18:49:47,526 [P3656/D13/T27] INFO Umbraco.Core.Security.BackOfficeSignInManager - Event Id: 0, state: User: myemailaddress@domain.com logged in from IP address 10.2.0.5
2018-04-30 18:49:48,703 [P3656/D13/T27] ERROR Umbraco.Web.WebApi.Filters.AngularAntiForgeryHelper - Could not validate XSRF token
System.Web.Mvc.HttpAntiForgeryException (0x80004005): The anti-forgery token could not be decrypted. If this application is hosted by a Web Farm or cluster, ensure that all machines are running the same version of ASP.NET Web Pages and that the
The umbraco install is behind the firewall, the IP Address is the internal firewall address. 10.2.0.5
Any other suggestions.
thanks Nigel
Just to mentioned I've just encountered this issue on a 7.9.2 install. Happened on one page, with an image in the RTE. If I delete the image the page published, but if it remains get the "unauthorised banner". I can't see anything strange about the image - totally bog standard.
The site is running on a single, dedicated Windows server - not Azure. No load balancing or anything. Checked all the things in this thread.
The only thing I can think is that when the image was added the site was running on HTTP, but was later moved to HTTPS. But other pages with images don't have this issue.
Priority: Normal
Type: Bug
State: Can't Reproduce
Assignee:
Difficulty:
Category:
Backwards Compatible: True
Fix Submitted:
Affected versions: 7.5.11
Due in version:
Sprint:
Story Points:
Cycle: