WindowsRoleProvider: GetRolesForUser throws exception if user name is NULL

Found in

EPiServer.CMS.Core 7.0.586.0

Fixed in

EPiServer.CMS.Core 11.8.1

Created

Apr 25, 2018

Updated

Jun 01, 2018

Area

CMS Core

State

Closed, Fixed and tested


Description

There is no repro for this scenario, but if the WindowsRoleProvider is configured and non-Windows principals are created without a user (user name is NULL), an exception is thrown. It is expected that the WindowsRoleProvider returns an empty list in such a scenario.

[SqlException (0x80131904): Procedure or function 'netSynchedUserRoleList' expects parameter '@UserName', which was not supplied.] 
System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction) +3180428 
System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose) +332 
System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady) +4224 
System.Data.SqlClient.SqlDataReader.TryConsumeMetaData() +87 
System.Data.SqlClient.SqlDataReader.get_MetaData() +99 
System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString, Boolean isInternal, Boolean forDescribeParameterEncryption) +584 
System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async, Int32 timeout, Task& task, Boolean asyncWrite, Boolean inRetry, SqlDataReader ds, Boolean describeParameterEncryptionRequest) +3069 
System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, TaskCompletionSource`1 completion, Int32 timeout, Task& task, Boolean& usedCache, Boolean asyncWrite, Boolean inRetry) +674 
System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method) +83 
System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior behavior, String method) +301 
EPiServer.DataAccess.Internal.SynchronizeUsersDB.StringListFromCommand(DbCommand cmd, String columnName) +83 
EPiServer.DataAccess.Internal.<>c__DisplayClass5_0.<ListRolesForUser>b__0() +209 
EPiServer.Data.Providers.Internal.<>c__DisplayClass31_0`1.<Execute>b__0() +55 
EPiServer.Data.Providers.SqlTransientErrorsRetryPolicy.Execute(Func`1 method) +792 
EPiServer.Security.Internal.DefaultSynchronizedUsersRepository.GetRolesForUser(String userName) +117 
EPiServer.Security.WindowsRoleProvider.GetRolesForUser(String username) +221 
System.Web.Security.RolePrincipal.GetRoles() +253 
System.Web.Security.<get_Claims>d__4.MoveNext() +84 
System.Security.Claims.<get_Claims>d__51.MoveNext() +398 
System.Linq.WhereSelectEnumerableIterator`2.MoveNext() +263 
System.Linq.<DistinctIterator>d__64`1.MoveNext() +464 
System.Collections.Generic.HashSet`1.UnionWith(IEnumerable`1 other) +106 
System.Collections.Generic.HashSet`1..ctor(IEnumerable`1 collection, IEqualityComparer`1 comparer) +156 
EPiServer.Security.Internal.VirtualRoleToClaimConverter.AddClaims(IPrincipal principal) +867 
System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +136 
System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step) +195 
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +88