User Permissions Issue - BlogEngine

Topics: Business Logic Layer
Dec 6, 2012 at 5:55 PM
Edited Dec 6, 2012 at 5:58 PM

I'm able to successfully create new users under unique account permissions.  However, their login credentials are being rejected.  Only as an 'Administrator' can they login.  If I change the users to 'Editor' or 'Author', then their login is rejected.

Anyone experiencing this?  Any help would be appreciated.

Thanks!

Dec 13, 2012 at 12:28 AM

bump.. anyone experiencing this?

Dec 13, 2012 at 10:55 AM

Are you using ml provider? What version of Blogengine?

If you're using XmlProvider then I advice to make certain modifications to XmlMembershipProvider.cs

In ValidateUser find the followng code

            catch (Exception)           

{                return validated;            }

and replace 'return validate' with 'throw'

Existing code makes rather dubious action when an exception happens, login fails and the exception is suppressed. 

Dec 13, 2012 at 5:27 PM
Edited Dec 13, 2012 at 5:28 PM

We are using the latest version of BlogEngine 2.7.

And the SQL DB paradigm for database (and not an XmlProvider).  Does your solution still apply in this case? or what suggestions do you have.  Basically, the only user permissions that are allowable for us are 'Administrator'.

thanks for the help!

Dec 13, 2012 at 5:59 PM
rtemery wrote:

We are using the latest version of BlogEngine 2.7.

And the SQL DB paradigm for database (and not an XmlProvider).  Does your solution still apply in this case? or what suggestions do you have.  Basically, the only user permissions that are allowable for us are 'Administrator'.

thanks for the help!

I'm afraid my suggestion is only valid for XmlProvider. I just checked SqlMembershipProvider and it worked for me. 

Is 'keep me logged in' checkbox ticked?

Dec 13, 2012 at 9:46 PM

We aren't even able to get an initial successful login for any user accounts set on anything other than Administrator.   So all our users have Admin permissions at this point (which is undesirable of course).

Dec 13, 2012 at 10:01 PM

Perhaps you could try to debug through DbMembershipProvider's ValidateUser routine?

Coordinator
Dec 14, 2012 at 3:33 PM

Go to admin/users/roles and select "rights" in the tools menu for the roles in question. Make sure they have right to view public posts.

Dec 14, 2012 at 5:17 PM

That's it... it works now! I needed to enable more permissions.  (I think BlogEngine should have the minimally needed permissions pre-selected so this isn't trial and error attempts).  But now Editors can login after my changes... thank you!