Umbraco Security Hardening With Leblender

[Stewart-T]

Hi,

I'am following the tutorial for improving Umbraco (7.13.2) security here https://our.umbraco.com/documentation/Reference/Security/Security-hardening/#rename-your-umbraco-folder and renamed my umbraco folder.

The backend of Umbraco seems to work fine until i open a template with Leblender running. Where i then find myself being automatically logged out.

Checking the network tab i can see that the call to the backoffice
/leblender/Helper/GetPartialViewResultAsHtmlForEditor is returning a 401 code.

How can i change the default umbraco folder name and still have Leblender work?

Thanks,
Stewart

[soreng]

Hi,

Normally this happens when you don’t have access to the required sections. Can you verify that the “lockdown” hasn’t been to restrictive?

[Stewart-T]

Hi,

I tried a clean install and got the same behaviour. Steps outlined below...

1. Clean install of Umbraco 7.13.2 via NuGet.
2. Uninstall the Starter Kit.
3. Install LeBlender 1.0.9.2.
4. Create a new document type called 'home', with a grid property.
5. Create a new LeBlender Grid Editor, tick render in grid.
6. Add in the _ViewStart.cshtml
   @{
   Layout = null;
   }
7. Create 2 instances of the 'home' document type in the content section
   7.1) First page will be called 'Grid without LeBlender' - Contains built in property editors - Headline, RTE, Quote etc
   7.2) The other page will be called 'Grid with LeBlender' - Contains the custom LeBlender Editor built at number 5.
8. Logout the CMS.
9. Follow security advise here... https://our.umbraco.com/documentation/Reference/Security/Security-hardening/ (Only the folder renaming)
10. Log back in to the CMS. With the new URL "my-secret-loginpanel".
11. Click page 'Grid without LeBlender' loads as normal.
12. Click page 'Grid with LeBlender', get logged out immediately.

Thanks,
Stewart