Adam Spicer

Reputation: 2721

RavenDB 2.0 Upgrade resulting in 403 Forbidden

We were running RavenDB Build 2139 and decided to upgrade to build 2230 (version 2) to take advantage of all of the bug fixes, enhancements and new features.

After the upgrade we are suddenly getting a 403 Forbidden error message when calling RavenDB through our website (which is running with an AppPool identity that is in the LSCTallahassee\RavenDB AD Group).

We are running RavenDB as a Windows Service and have both of the following specified in the config file:

<add key="Raven/Authorization/Windows/RequiredGroups" value="LSCTallahassee\RavenDB"/>
<add key="Raven/AnonymousAccess" value="None"/>

It is acting like it is not recognizing our IIS App Pool Identity as part of the LSCTallahassee\RavenDB group, but it was doing this before the upgrade.

Has anyone experienced this issue?

cross posted here: https://groups.google.com/d/msg/ravendb/BIvaaLUsfUA/wFpI1gQUBmEJ

Upvotes: 1

Views: 613

Answers (1)

Adam Spicer

Reputation: 2721

I think I found what may be going on...

First off, this setting is no longer supported in version 2.0:

<add key="Raven/Authorization/Windows/RequiredGroups" value="LSCTallahassee\RavenDB"/>

Version 2.0 recommends that you specify such a setting directly in the <system> database as shown here: http://ravendb.net/docs/server/authentication

However, at the time of writing this, it seems like there is a bug when following the documentation. In the settings area you can specify Windows Authentication Users or Groups. Using the Windows Authentication Users setting works, while the Windows Authentication Groups setting does not work. I documented the repro steps here: https://groups.google.com/d/msg/ravendb/BIvaaLUsfUA/kCdy4toDoZAJ

To work around the issue, we are specifying Windows Authentication > Users directly instead of Windows Authentication > Groups in the security settings.

Something else worth sharing here is something that Oren pointed out while helping us diagnose this issue. Any Local Administrator or Domain Administrator will have access to the databases as a "safety feature" in case you locked yourself out: https://groups.google.com/d/msg/ravendb/BIvaaLUsfUA/yKH9sFxNrFAJ

Upvotes: 2
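A pre-upgrade check for the situation described in this thread, as an added example that is not part of the original posts or of RavenDB: it scans a server config for the appSettings key the answer reports as unsupported in 2.0 and notes when that loss coincides with anonymous access set to None. The `<configuration>` wrapper, the function names and the finding codes are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Per the answer above, RavenDB 2.0 no longer supports this appSettings key.
UNSUPPORTED_IN_2_0 = ("Raven/Authorization/Windows/RequiredGroups",)

# Constructed sample: the two <add> lines from the question inside a minimal
# .NET config wrapper (the wrapper elements are an assumption of this example).
SAMPLE_CONFIG = r"""
<configuration>
  <appSettings>
    <add key="Raven/Authorization/Windows/RequiredGroups" value="LSCTallahassee\RavenDB"/>
    <add key="Raven/AnonymousAccess" value="None"/>
  </appSettings>
</configuration>
"""


def read_app_settings(xml_text):
    """Return {key: value} for every <add> under <appSettings>."""
    root = ET.fromstring(xml_text.strip())
    return {a.get("key", ""): a.get("value", "")
            for a in root.findall("./appSettings/add")}


def audit_for_2_0(xml_text):
    """List (code, key, message) findings for a config carried over to 2.0."""
    settings = read_app_settings(xml_text)
    by_lower = {k.lower(): k for k in settings}  # tolerate differing key case
    findings = []
    stale = [by_lower[k.lower()] for k in UNSUPPORTED_IN_2_0 if k.lower() in by_lower]
    for key in stale:
        findings.append(("UNSUPPORTED_KEY", key,
                         f"not supported in 2.0; '{settings[key]}' must be "
                         "granted in the <system> database security settings"))
    anon_key = by_lower.get("raven/anonymousaccess")
    if stale and anon_key and settings[anon_key].lower() == "none":
        findings.append(("EXPECT_403", anon_key,
                         "anonymous access is off and the group rule is gone: "
                         "callers get 403 until they are granted access again"))
    return findings


if __name__ == "__main__":
    for code, key, message in audit_for_2_0(SAMPLE_CONFIG):
        print(f"{code}: {key}: {message}")
```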
