We have Kentico CMS with MVC site.
I recently upgraded Kentico 12 to 13 and started getting a "resource not found" error on doing Page Preview in the admin app. I had not uninstalled the Kentico 12 NuGet packages from MVC app before updating them to 13. After uninstalling them and reinstalling 13, the error has changed to below error. Applying 13.0.52 hotfix did not make any change.
Try reloading the administration interface. The user was not found in the JWT token, nor in the current virtual context URL.
Here is the stacktrace:
Server Error in '/' Application. Try reloading the administration interface. The user was not found in the JWT token, nor in the current virtual context URL. Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: CMS.Helpers.InvalidVirtualContextException: Try reloading the administration interface. The user was not found in the JWT token, nor in the current virtual context URL.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[InvalidVirtualContextException: Try reloading the administration interface. The user was not found in the JWT token, nor in the current virtual context URL.]
Kentico.Content.Web.Mvc.VirtualContextPrincipalRetriever.GetPrincipal(String jwtToken) +417
Kentico.Content.Web.Mvc.VirtualContextPrincipalAssigner.SetVirtualContextPrincipal(IVirtualContextPrincipalRetriever virtualContextPrincipalRetriever) +229
CMS.Base.AbstractHandler.CallEventHandler(EventHandler1 h, TArgs e) +115 CMS.Base.AbstractHandler.Raise(String partName, List1 list, TArgs e, Boolean important) +1028
CMS.Base.SimpleHandler2.RaiseExecute(TArgs e) +145 CMS.Base.SimpleHandler2.StartEvent(TArgs e) +236
System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +223 System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step) +220 System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +94
Edit
My MVC site has a security related entry in web.config which is causing this.
<add name="X-Frame-Options" value="deny" />
It was added due to Page Preview's <iframe> behavior. We have always used "Preview in new tab". Not sure if it's safe to remove this.
Please see the documentation. It describes what happens when you set this header on your own: "If you manually apply the X-Frame-Options header in your MVC site's web.config file, the preview mode and all related features (such as the page builder and form builder) in the Xperience administration display a blank page instead of the previewed content."
And it also explains what needs to be done: "If you set CSP headers on your own, make sure to always whitelist the Xperience administration parent site using the frame-ancestors policy. Otherwise the preview mode and all related features will not display content."