Crash after userlogin

m.beckman's Avatar

m.beckman

16 Jul, 2015 09:44 AM

HI Anton,

I created a new user with a group that has no system permissions checked.
When i try to login as that user, i keep getting the loginsscreen.

When i add another group (collaboration) to the user i get this error:

System.Web.Mvc.HttpAntiForgeryException (0x80004005): A required anti-forgery token was not supplied or was invalid.
   at System.Web.Helpers.AntiForgeryWorker.Validate(HttpContextBase context, String salt)
   at System.Web.Helpers.AntiForgery.Validate(HttpContextBase httpContext, String salt)
   at System.Web.Mvc.ValidateAntiForgeryTokenAttribute.OnAuthorization(AuthorizationContext filterContext)
   at System.Web.Mvc.ControllerActionInvoker.InvokeAuthorizationFilters(ControllerContext controllerContext, IList`1 filters, ActionDescriptor actionDescriptor)
   at System.Web.Mvc.ControllerActionInvoker.InvokeAction(ControllerContext controllerContext, String actionName)
   at System.Web.Mvc.Controller.ExecuteCore()
   at System.Web.Mvc.ControllerBase.Execute(RequestContext requestContext)
   at HgLab.Core.Framework.Web.HgLabControllerBase.Execute(RequestContext requestContext) in d:\projects\hglab\src\HgLab.Core\Framework\Web\HgLabControllerBase.cs:line 100
   at System.Web.Mvc.ControllerBase.System.Web.Mvc.IController.Execute(RequestContext requestContext)
   at System.Web.Mvc.MvcHandler.<>c__DisplayClass6.<>c__DisplayClassb.<BeginProcessRequest>b__5()
   at System.Web.Mvc.Async.AsyncResultWrapper.<>c__DisplayClass1.<MakeVoidDelegate>b__0()
   at System.Web.Mvc.Async.AsyncResultWrapper.<>c__DisplayClass8`1.<BeginSynchronous>b__7(IAsyncResult _)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResult`1.End()
   at System.Web.Mvc.MvcHandler.<>c__DisplayClasse.<EndProcessRequest>b__d()
   at System.Web.Mvc.SecurityUtil.<GetCallInAppTrustThunk>b__0(Action f)
   at System.Web.Mvc.SecurityUtil.ProcessInApplicationTrust(Action action)
   at System.Web.Mvc.MvcHandler.EndProcessRequest(IAsyncResult asyncResult)
   at System.Web.Mvc.MvcHandler.System.Web.IHttpAsyncHandler.EndProcessRequest(IAsyncResult result)
   at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

After the error, the user will be logged in.

My goal is to have users who can only view specific repo's and cannot change them.
I would think that would be possible by just adding a group with no system permissions.

If you need more info for reproduction, just ask :)

Greets,

Maurice

Reply to this discussion

Internal reply

Formatting help / Preview (switch to plain text) No formatting (switch to Markdown)

Attaching KB article:

»

Attached Files

You can attach files up to 10MB

If you don't have an account yet, we need to confirm you're human and not a machine trying to post spam.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac

Recent Discussions

21 Aug, 2019 09:07 AM
30 Jul, 2019 08:59 PM
31 May, 2019 02:29 PM
26 Nov, 2018 01:47 PM
16 Nov, 2018 07:51 PM

 

06 Nov, 2018 04:30 PM
24 Oct, 2018 07:57 AM
20 Jul, 2018 11:07 PM
05 Jul, 2018 10:53 AM
27 May, 2018 01:33 AM
14 May, 2018 03:38 PM