Product: PowerShell Universal
Upgrade from version 3.x.x to 4.2.4. I am not able to login to admin console anymore.
Keep on getting
"Unauthorized Access
You are not authorized to view this page."
Only option is log off and back.
Back button does not work and log off button takes back to login screen again.
You don’t say what kind of authentication you are trying to do. I suspect that something that is happening in your authentication.ps1 or roles.ps1 is not working since the upgrade… posting sanitized versions of those files would help in troubleshooting.
authentication seems to be successful and works when I type username “Admin” and the password that is specified in the authentication.ps1 file.
If I try to use any other password then I cannot proceed further. However with correct login I get the “Unauthorised Access” “You are not authorized to view this page”
Image attached.
Based on what you are saying you are using forms authentication? Sounds like your role assignment got messed up somewhere either way. I would start at the roles and see what they look like.
I cannot login to Admin section. How do I check/fix this? There is only one user that and is Admin. It can very well be the Administrator.
Please Help.
Can you post a sanitized authentication.ps1 as well as a sanitized roles.ps1, specifically the section in roles.ps1 for the Administrator role
roles.ps1 file does not exist
authentication.ps1 is as below
if ($Credential.UserName -eq ‘Admin’ -and $Credential.GetNetworkCredential().Password -eq ‘fakePassword’)
{
New-PSUAuthenticationResult -Success -UserName ‘Admin’
}
else
{
New-PSUAuthenticationResult -ErrorMessage ‘Bad username or password’
}
}
Set-PSUAuthenticationMethod -Type “Windows” -Disabled
On another server with version 3.2.8, roles.ps1 does not exist in \UniversalAutomation\Repository.universal folder and it is working fine.
That will do it. Your roles are gone. Do you have any backups? If you don’t have any backups you’ll need to create a roles.ps1 under this path, or wherever you have the rest of your configuration files are
C:\ProgramData\UniversalAutomation\Repository\.universal
Here is the default roles.ps1 from a 4.2.4 install I just set up this week, paste it in the new roles.ps1, save it, and restart the service
New-PSURole -Name "Administrator" -Description "Administrators can manage settings, create and edit any entity and view all the entities with PowerShell Universal." -Policy {
param(
[Security.ClaimsPrincipal]$User
)
<#
Policies should return $true or $false to determine whether the user has the particular
claim that require them for that role.
#>
$false
}
New-PSURole -Name "Operator" -Description "Operators have access to manage and execute scripts, create other entities within PowerShell Universal but cannot manage PowerShell Universal itself." -Policy {
param(
[Security.ClaimsPrincipal]$User
)
<#
Policies should return $true or $false to determine whether the user has the particular
claim that require them for that role.
#>
$false
}
New-PSURole -Name "Reader" -Description "Readers have read-only access to PowerShell Universal. They cannot make changes to any entity within the system." -Policy {
param(
[Security.ClaimsPrincipal]$User
)
<#
Policies should return $true or $false to determine whether the user has the particular
claim that require them for that role.
#>
$false
}
New-PSURole -Name "Execute" -Description "Execute scripts within PowerShell Universal." -Policy {
param(
[Security.ClaimsPrincipal]$User
)
<#
Policies should return $true or $false to determine whether the user has the particular
claim that require them for that role.
#>
$false
}
EDIT:
Saw your next post about 3.2.8 after I initially sent this. If it works without roles.ps1 I’m not sure where to go from here. I would still try creating the roles.ps1 just to troubleshoot though
creating roles.ps1 alone did not fix it.
I changed administrator role to return $true in the roles script.
New-PSURole -Name “Administrator” -Description “Administrators can manage settings, create and edit any entity and view all the entities with PowerShell Universal.” -Policy {
param( [Security.ClaimsPrincipal]$User )
$false
}
This allowed me to login to the Console.
I then checked and found that Admin user have no role assigned.
Changed the role to “Administrator”.
Updated Roles.ps1 administrator to return to $false as you sent above.
I can now login to the console.
Thank you soooooo much for your help.