I don't see all application in Kentico. Please help me.
Currently I am Global System Administrator. This is my new website.
Current situation with applications looks like this:
Can someone help me ?
Thanks in Advance.
There are three things you need to check:
The user need to be set a Global Administrator in Users>User>General tab (dropdown list)
The user needs to be in the Global Administrator role which is part of the (global) roles.
You need to ensure any pre-configured roles which are assigned to the user for a particular site are removed. Reason being is any role with lower permissions will override any other "global" permissions.
I had the similar problem when I created my first site. All license, user and domain were rightly setup. I even checked all the settings for pages module which looked right. The only noticeable thing was that the site was not showing on top ribon as shown in solution 3.
I just did a log off and log on which resolved the issue. :)
Thanks a lot Brenden for directing towards solution.
I would first make sure the user you are using is set to Global Administrator, if not it would be permissions. If you can't access the users application, you can check in the database:
SELECT userid, username, dbo.CMS_User.UserIsGlobalAdministrator FROM dbo.CMS_User WHERE UserName =USERNAME
If you are a global administrator, it's possible that something happened to the CMS_UIElement table.
I have had a similar experience when working with a new site. Ensure that the appropriate site is selected (see image) and that the site has a valid license matching the Site domain name or alias (Sites -> {SiteName} -> General ).
Related
Logged in and authenticated as the Global Admin in O365 Enterprise subscription, I can query all users using Microsoft Graph. I can also query individual users with the User.Id.
But when I try to query the OneDrive files (DriveItem) for any user then I get an empty response and resource not found error. Same error when I use UserPrincipalName instead of Id.
sample request:
/v1.0/users/427d0a15-69db-4ab1-b7ae-542776ef53ed/drive/items
What is the call pattern for a Global Admin to query the drives/drive items of all users in the tenant?
I provided Admin Consent to the application already for these permissions:
public static string[] Scopes = {
"Files.ReadWrite.All",
"Sites.Read.All",
"Sites.ReadWrite.All",
"Sites.FullControl.All",
"User.ReadWrite.All",
"Directory.ReadWrite.All",
"Directory.AccessAsUser.All"
};
I am using Delegated Permissions and requesting permissions at runtime via the code using PublicClientApplication class if that matters.
Update:
I get the same "Resource Not Found" error when I call:
/v1.0/users/427d0a15-69db-4ab1-b7ae-542776ef53ed/drive/root/children
Source code:
IGraphServiceUsersCollectionPage usersCollection =
await graphClient.Users.Request().GetAsync();
foreach (User user in usersCollection)
{
IDriveItemChildrenCollectionPage childrenCollection =
await graphClient.Users[user.Id].Drive.Root.Children.Request().GetAsync();
}
When the Foreach loop iterates first time, the first user is the logged in Global Admin and the call to Drive.Root.Children works correctly, but on consequent iterations for other users, an exception is thrown with error message:
{"Code: itemNotFound\r\nMessage: The resource could not be found.\r\n\r\nInner error\r\n"}
You cannot call [/drive/items][1] directly. You need to either provide a DriveItem.Id (i.e. /drive/items/{id}) or a path (i.e. /drive/root/children).
Try this instead:
/v1.0/users/427d0a15-69db-4ab1-b7ae-542776ef53ed/drive/root/children
After days of trial and error I found out a workaround to the problem which I will post as an answer to help people having similar issues. If a better solution is provided I will accept that answer, so the hunt is still on..
It turns out that the Global O365 Admin does not by default have access to view OneDrive Business folders and files of other users in the tenant.
What I had to do is:
Login as the Global Admin to O365 portal
Go to Admin Center > Users
For each User, expand OneDrive Settings and click on "Access files"
This gives permissions to manage that user's OneDrive.
After doing this:
/v1.0/users/427d0a15-69db-4ab1-b7ae-542776ef53ed/drive/root/children
returns properly all children of that users drive items!
I said I will accept a better answer, so to define better:
An answer that shows how to do this by code
Or an answer that at least shows how to do this with less clicks. Imagine if the tenant has 100K users, the global admin has to click that Access Files button for 100K users one by one! (no bulk settings option available) That s not a great experience and not a practical solution.
Best answer would be: 1 + 2 :)
UPDATE:
I found a better workaround, that is if I set the permissions in App Mod, as opposed to Delegated permissions/User Mod. Then the app has access to all users' drives/files in One Drive and there is no need for the global admin to provide himself the permissions as such. The enterprise admin would just need to give consent to the app only once in its lifetime in the enterprise tenant. With this update I will accept this answer.
I am building an intranet with ASP.NET core 2.0 MVC. All users are part of an active directory. Additionaly I have a MSSQL database with the following tables:
Users (Id, FirstName, UserNameAd (unique), ...)
Roles (Id, RoleName)
UserRoles (User_Id, Role_Id)
In my web application I now want to retrieve the roles of a user and store them in the Authentication/Identity Classes of Microsoft in order to use [Authenticate(Roles="Admin")] stuff. I am not sure where I shall put this role-request and what is the best practice. It is possible that a user gets a new role during the day or that a role is removed during the day and I actually do not want the user to click something specific or need him to restart the browser in order to get the new roles applied - thats why I think that the roles need to be requested with each server-action (POST, GET) from the server.
Any idea or link to a good tutorial would be highly appreciated.
Also if you think my approach is not good practice and you have a better idea I would be happy to know.
After a lot of discussions and researches in the internet i came to the conclusion to chose pure windows authentication.
It works out of the box and you can already use the active directory groups as roles with [Authorize(Roles = "ADGroupName")] which is really straightforward and nice.
To take this question clear, I take for this question the sample workflow delivered by Sitecore version 6.6.
In the Sitecore solution I have defined three roles (in order by a lot of permissions to low):
Administrator
Author
Blogger
Ad 1. The administrator does have all permissions.
Ad 2. The author does have all permissions to create, edit and delete content, to publish the content - and to approve and disapprove content written by the blogger.
Ad 3. The blogger has only rights to create content under a specific path in the content three and only based on the Blog template. This user has no rights to publish content
Now the problem. The user with role Author and Blogger cannot see the workflow ribbon in the review tab. Does anyone know how to solve this?
Thanks a lot,
Jordy
Please assign sitecore\Sitecore Client Authoring role to Author and Blogger in Member of.
How? If you login and go to core database by appending ?sc_content=core in url and enter. Now you traverse to below item. Now click Assign command in Security Tab.
/sitecore/content/Applications/Content Editor/Ribbons/Chunks/Workflow
You will see as below. Note: I checked this in Sitecore 8 Initial but hope this should be same for your version.
I have WCF service with Windows authentication. To identify client user on the service side I'm using following code: ServiceSecurityContext.Current.PrimaryIdentity.Name.
That returns me string in the form: 'domain\janedoe'.
Jane Doe became married and changed last name. Active Directory administrator also renamed her user id. So now she logs into AD as 'domain\janesmith'.
My issue is that ServiceSecurityContext.Current.PrimaryIdentity.Name still returns old one - 'domain\janedoe'.
Do you have some suggestions on where to start with this ?
There is some caching mechanism in Active Directory.
Maybe this link will help you link
I had a similar problem with a web app I was running in IIS 6. The only thing that would ever work for me to clear the cache was to restart the server. Our AD admin was completely unhelpful/out of his depth so I eventually just re-wrote the page to grab the sid. Then if I needed the username I would do an LDAP query on the sid to get the user name.
How about using Softerra LDAP Browser (the free version 2.6) to see what attributes are available and to see which field could have possibly been read from?
Then you could investigate further; maybe the change of her name did not cover all necessary attributes.
Addition:
Also, if you have multiple domain controllers that replicate their information, there could be some delay, until they all have up-to-date data.
My project has a Guest folder and an admin folder.
Guest has a guest1.aspx page and admin has admin1.aspx page.
Now I am trying to figure out a login control which will check the role of the user and send them to the respective pages accordingly.
The names are not in the database or the active directory...
These names are on the windows 2003 server...
So I need to check from the server if the user exists and what is its role in it..
what is the best way to achieve this... please any suggestions...
this is very important for me
any help is appreciated
thanks
#John_ Let me explain
Suppose there is company which has 10 employees and one administrator.. the company has a server and these employees are on the same domain. So the admin can add that machine to the server or delete it.. now every machine has its username password and domain.. i want my gui to use the same credentials to log into the gui and send them to the respective pages according to the role..
In the LoggedIn event check the roles of the user and use the DestinationPageUrl property of the Login control to redirect to the proper page.
You can find some examples of checking the active directory group that the user is a member of here: http://www.codeproject.com/KB/system/everythingInAD.aspx#38