A critical vulnerability was discovered in React Server Components (Next.js). Our systems remain protected but we advise to update packages to newest version. Learn More.
It looks like you have assigned the roles to the 'mode' attribute rather than the 'roles' one. Keep 'mode' as 'Any' and replace 'Everyone' with your role list.
Sorry about that. It was a typo but I have mode as Any and roles of what it should be.
Do you mean that it was a typo in your question or in your web.config? Also, are the roles separated by comma?
<add name="contentapiread" type="EPiServer.Security.MappedRole, EPiServer.Framework" roles="CMSAdmins, MyRole1, MyRole2, MyRoleGroup1" mode="Any" />Sorry for any confusion. It was typo in my question. My web.config is correct as per the documentation and as you have mentioned above.
This turned out to be issue with authorization where claims were not be set correctly.
As per the documentation I have set up the Content delivery API . As suggested I have added the virtual role:
<add name="contentapiread" type="EPiServer.Security.MappedRole, EPiServer.Framework" roles="Everyone" mode="Any" />
With above line when role is set to Everyone the Content delivery API response is coming up fine. However when I assign a role
<add name="contentapiread" type="EPiServer.Security.MappedRole, EPiServer.Framework" roles="Everyone" mode="CMSAdmins MyRole1 MyRole2 MyRoleGroup1" />
The Id i used to login to the site is having CMSAdmins as the role but Content Delivery API responsds with Forbidden.
What am I missing here ?