Signing Macros

David Chow asked on May 18, 2018 19:35

I am seeing macro signature issues and have not been able to re-sign them and fix the problem. 

|(user)mpenela|(hash)b4a2f1691dfe81f12efa95fa414be3475ae15211e6c7c5106b1b1e0b356dd81d' didn't pass. The expression was signed by user ''. Remove the signature and re-save the expression by a user with proper permissions.

I've followed the instructions here: https://docs.kentico.com/k8/macro-expressions/macro-troubleshooting/working-with-macro-signatures

The only way I can get the macro to not throw the error is by telling it not to check security by inserting the trailing @ instead of the #. However, this is not desired.

Steps we've done so far:

  • Re-Sign All Macros with "Sign All Macros" enabled.(we use CMSHashStringSalt in the webconfig)

  • Found the macro in question removed the # and saved. Then put the # back in, but error still shows.

*Note, this one macro is one of many that are throwing constant errors. This is also on custom macros.

It seems like re-signing is not work in my case.

Recent Answers

Trevor Fayas answered on May 21, 2018 15:03

Where is this exactly found? If this is a hard-coded value (like in some string property or something in a .cs file) then you may need to make a similar macro in a Static text webpart, look it up in the database and grab the macro syntax. Resigning macros only works on macros within the portal, not hard coded ones, and i'm guessing the environment may have changed that the macro hash would also be different (if you don't have a macro string hash set in the web.config, which v8 usually didn't).

To long didn't read: Can you show us where this macro text resides?

0 votesVote for this answer Mark as a Correct answer

David Chow answered on May 21, 2018 15:50

Thanks Trevor,

I did more research and found more information. I also should mention that this is on Kentico 9.

It looks like the error only shows up when macros are nested. There are two macros in use:

{% if(AonClient.Settings.isFSA==true && AonClient.Settings.isHSA==true) { %}

and

{%GetCheckOutMedicalPlanMessage("BronzePlusAlt,SilverAlt1, SilverAlt2,Gold,Platinum", GetResourceString("AON.And"), "coverage level costs","coverage levels cost")#%}

When used individually on the page, each of them works. However, when we use the GetCheckoutMedicalPlanMessage macro within the if statement macro, then the error gets logged and the macro does not render.

The GetCheckoutMedicalPlanMessage is a custom macro coded in a CS file. However, it is used just like any other macro in a content property within the portal.

Here is what the content of the page looks like:

Nested Macros: (does not work)

{% if(AonClient.Settings.isFSA==true && AonClient.Settings.isHSA==true) { %} 

    {%GetCheckOutMedicalPlanMessage("BronzePlusAlt,SilverAlt1, SilverAlt2,Gold,Platinum", 
    GetResourceString("AON.And"), "coverage level costs","coverage levels cost")#%}

{%}#%} 


{% if(AonClient.Settings.isFSA==true && AonClient.Settings.isHSA==true) { %} 
If macro, works. (Standalone)
{%}#%}



Custom GetCheckoutMedicalPlanMessage Works (Standalone):

{%GetCheckOutMedicalPlanMessage("BronzePlusAlt,SilverAlt1, SilverAlt2,Gold,Platinum", GetResourceString("AON.And"), "coverage level costs","coverage levels cost")#%}

The full error is as follows:

Security check of the expression ' if(AonClient.Settings.isFSA==true && AonClient.Settings.isHSA==true) { %} 
If you enroll in the @@{%GetCheckOutMedicalPlanMessage("BronzePlusAlt,SilverAlt1, SilverAlt2,Gold,Platinum", GetResourceString("AON.And"), "coverage level costs","coverage levels cost")#%}, you can use the Health Care FSA to pay for qualified medical, dental, and vision expenses.


{%}|(user)mpenela|(hash)ae02176f776effe302fdec6a22866d3d29505e91e691b9f84121b870cbf0a43f' didn't pass. The expression was signed by user ''. Remove the signature and re-save the expression by a user with proper permissions.

Thanks again!

0 votesVote for this answer Mark as a Correct answer

   Please, sign in to be able to submit a new answer.