Cannot login with Windows Authentication if users have similar names

Found in: EPiServer.CMS.Core 8.8.2
Fixed in: EPiServer.CMS.Core 9.3.3
Created: Nov 13, 2015
Updated: Dec 16, 2015
Area: CMS Core
State: Closed, Fixed and tested


Description

Steps to reproduce

  1. Create a user in Windows named "user1".
  2. Create another user in Windows named "user10".
  3. Log in with "user10". No problem.
  4. Log in with "user1". See error.

EPiServer.Data.Providers.SqlDatabaseHandler: Exception thrown while executing transaction

System.Data.SqlClient.SqlException (0x80131904): No user with username user1 was found
Cannot insert the value NULL into column 'fkSynchedUser', table 'intranet.dbo.tblSynchedUserRelations'; column does not allow nulls. INSERT fails.
at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction)
at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose)
at System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady)
at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString)
at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async, Int32 timeout, Task& task, Boolean asyncWrite, SqlDataReader ds, Boolean describeParameterEncryptionRequest)
at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, TaskCompletionSource`1 completion, Int32 timeout, Task& task, Boolean asyncWrite)
at System.Data.SqlClient.SqlCommand.InternalExecuteNonQuery(TaskCompletionSource`1 completion, String methodName, Boolean sendToPipe, Int32 timeout, Boolean asyncWrite)
at System.Data.SqlClient.SqlCommand.ExecuteNonQuery()
at EPiServer.Data.Providers.SqlDatabaseHandler.<>c_DisplayClass32.<ExecuteTransaction>b_31()
at EPiServer.Data.Providers.SqlDatabaseHandler.<>c_DisplayClass35`1.<ExecuteTransaction>b_34()
at EPiServer.Data.Providers.SqlTransientErrorsRetryPolicy.Execute[TResult](Func`1 method)
at EPiServer.Security.SynchronizingUserService.SynchronizeUserAndClaims(String userName, IEnumerable`1 claims)
at EPiServer.Security.WindowsRoleProvider.GetRolesForUser(String username)
at System.Web.Security.RolePrincipal.IsInRole(String role)
at EPiServer.Security.MappedRole.IsInRoleOrVirtual(IPrincipal principal, Object context, String role)
at EPiServer.Security.MappedRole.IsInVirtualRole(IPrincipal principal, Object context)
at System.Collections.Concurrent.ConcurrentDictionary`2.GetOrAdd(TKey key, Func`2 valueFactory)
at EPiServer.Security.VirtualRolePrincipal.IsInRole(String role, SecurityEntityType type, Object context)
at EPiServer.Security.VirtualRolePrincipal.IsInRole(String role)
at System.Web.Configuration.AuthorizationRule.IsTheUserInAnyRole(StringCollection roles, IPrincipal principal)
at System.Web.Configuration.AuthorizationRule.IsUserAllowed(IPrincipal user, String verb)
at System.Web.Configuration.AuthorizationRuleCollection.IsUserAllowed(IPrincipal user, String verb)
at System.Web.Security.UrlAuthorizationModule.CheckUrlAccessForPrincipal(String virtualPath, IPrincipal user, String verb)
at EPiServer.Security.PrincipalInfo.HasPathAccess(String path)
at EPiServer.Web.DisplayChannelService.GetActiveChannels(HttpContextBase context)
at EPiServer.Web.TemplateResolverImplementation.ResolveCore(HttpContextBase httpContext, ContentType contentType, Type itemType, Object itemToRender, TemplateTypeCategories category, String tag)
at EPiServer.Web.TemplateResolver.Resolve(HttpContextBase httpContext, Object itemToRender, TemplateTypeCategories templateTypeCategory, ContextMode contextMode)
at EPiServer.Web.Mvc.ExistingActionRouteConstraint.Match(Route route, SegmentContext routingContext, String parameterName)
at EPiServer.Web.Routing.ContentRoute.MatchConstraints(SegmentContext segmentContext, HttpContextBase context)
at EPiServer.Web.Routing.ContentRoute.GetRouteData(HttpContextBase httpContext)
at System.Web.Routing.RouteCollection.GetRouteData(HttpContextBase httpContext)
at EPiServer.Web.Routing.RouteCollectionExtensions.HandleRouteData(RouteCollection routes, HttpContextBase context)
at EPiServer.Global.DefaultDocumentHandling(Object sender, EventArgs e)
at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
ClientConnectionId:d0fe5f30-d76f-4c0f-aebd-5487dbe4fdab
Error Number:50000,State:1,Class:16