In our solution we have two different membership-providers.
The first one being the standard SqlServerMembershipProvider, and the second being UpmMembershipProvider from Microsoft Commerce Server. We do not use the MultiplexingMembershipProvider.
Out visible login page is set to authenticate using the UpmMembershipProvider.
We have replaced the standard episerver loginpage (for access to edit/admin etc) with our own to facilitate some extra functionality required for changing from a UpmMembershipProvider user to a SqlServerMembershipProvider user.
These things work out well so far, no security issues at all. Access to edit/admin is restricted as per usual and we have had no trouble with this.
Except for one small thing...
For some reason, on the front page of our solution (PageReference.StartPage), in the version list, there appears a number of versions seemingly published by unknown users (i.e. from the UpmMembershipProvider).
These users are not able to log in to either edit or admin.
To make things more confusing, these "rogue" versions have no visible changes.
Extension X3 is added to the mix for more fun:)
Anyone have any ideas on where to proceed?
To me it sounds like there is some scheduled job or function that automatically updates the startpage. For instance there could be some global value that is stored on the start page that needs to be updated occasionally.
How often do these ghost versions appear?
It could be a good idea to add some logging to find out what is causing the updates. Either use the built in log4net and log all DataFactory messages, or write som code that attaches the DataFactory.SavedPage event and prints out a message whenever the start page is updated.
I'm just throwing out some guesses here. It could be something completely different, like users with the same in the different providers that causes the system to get mixed up. Or some X3 stuff that I know nothing about :)
Per GunsarfsEPiServer CMS development team