Missing a default "Access Denied" page

episerver / netcore-preview

This repository is a preview providing early access to the latest Optimizely (formerly Episerver) product packages targeting .NET 5.

43 stars 9 forks source link

Missing a default "Access Denied" page #80

Closed stefanolsen closed 3 years ago

stefanolsen commented 3 years ago

Observations: When a user is logged into Episerver, but has no access roles for the particular area (or no roles at all), the user is redirected to /Account/AccessDenied. This is not an existing page and so an empty 404 page is rendered.

Expected: The user should see a page with an error description. In previous Episerver versions, there was a default "Access Denied" page, which could also be overridden.

Builds:

EPiServer.CMS.UI.Core: 12.0.0-inte-021292
EPiServer.Commerce.Web: 14.0.0-inte-020696

lunchin commented 3 years ago

Added to internal tracker

bjuris commented 3 years ago

Fixed in next drop

stefanolsen commented 3 years ago

Now it seems that instead of seeing an Access Denied page, I am redirected to the login page, even when I am logged in (but without the needed access roles.

Builds:

EPiServer.CMS.UI.Core: 12.0.0-pre-021601
EPiServer.Commerce: 14.0.0-inte-021024

lunchin commented 3 years ago

Please use applicationcookie options to set the path you want. We will set to login path if there is nothing set.

if (string.IsNullOrWhiteSpace(o.AccessDeniedPath)) { o.AccessDeniedPath = ModuleRouteConstants.DefaultLoginPath; }