Edit mode redirects to login page in EPiServer CMS 6 R2

After an upgrade to EPiServer CMS 6 R2 we noticed that valid users were redirected to the login page whenever they tried accessing edit mode. Seems language-specific permissions were the culprit.

  • 18 June 2011
  • 0

The problem

We recently upgraded a site to EPiServer CMS 6 R2, and after the upgrade we noticed that whenever we tried to access http://oursite/ui/CMS/Edit we were redirected to the login form.

We were able to access admin mode just fine, but whenever we clicked edit mode we’d be asked to log in. Also, we were able to access all other pages within the /Edit folder, for example http://oursite/ui/CMS/Edit/EditPanel.aspx. The problem seemed to affect http://oursite/ui/CMS/Edit/Default.aspx only.

The cause

The DefaultPage class in EPiServer (EPiServer.UI.Edit.DefaultPage) is the logic behind the Default.aspx page in edit mode. In its Init event it queries the current page (by default the start page when browsing to edit mode) for edit access for the current language - or any of the other languages enabled on the site.

If the current user doesn’t have edit permission for any language branch the user is redirected to the login page as seen here in the source code for the DefaultPage class:

Screenshot of source code in Visual Studio

The user we used to log in was a member of the WebEditors and WebAdmins groups, and we tried to re-apply the permissions to see if that would help. It didn’t.

The solution

Update: Before modifying any permissions, make sure you have a <virtualRoles> element in your EPiServerFramework.config file (this was changed with CMS 6 R2).

EPiServer CMS 6 R2 supports setting permissions on a per-language basis. Going into admin mode we can see which languages are enabled by clicking Manage Website Languages on the Config tab:


If we click the language name for one of our enabled languages, for example “English”


…we can see that we can set the access level for the specific language:


Now, as it were in our case the Everyone group had change permissions. One would think that would mean that any user (with edit access for a page) would be able to edit any language branch, but alas – we were not.

We specifically set the change permission for the WebEditors group…


…and were then suddenly able to access edit mode again and edit the specific language branch we had set permissions for. So, in order for editors to be able to edit any language we added the WebEditors group to all enabled languages.