Episerver Find extension method ContentSearchExtensions.FilterOnReadAccess is broken. It no longer returns any results for anonymous users.
The issue happens with the latest nugets:EPiServer.CMS.Core 9.8.1EPiServer.Find 188.8.131.5296EPiServer.Find.Cms 184.108.40.20696EPiServer.Find.Framework 220.127.116.1196
It seems that the issue is caused by changes in EPiServer.Security.VirtualRoleRepository, which has method VirtualRoleRepository.GetDefault() for obtaining an instance. The method is now deprecated and no longer works as it should, but the latest Find nuget uses it. The fix is to use IoC to obtain the instance.
// Class: EPiServer.Find.Cms.ContentSearchExtensions
private static IEnumerable GetCurrentUsersRoles()
List list = Enumerable.ToList((IEnumerable) PrincipalInfo.Current.RoleList);
// This seems to cause the issue. GetDefault method is deprecated and returns the wrong instance
VirtualRoleRepository @default = VirtualRoleRepository.GetDefault();
// !!! Should use IoC. This retrieves the correct instance
//VirtualRoleRepository @default = ServiceLocator.Current.GetInstance();
foreach (string name in @default.GetAllRoles())
if (@default.TryGetRole(name, out virtualRoleProvider) && virtualRoleProvider.IsInVirtualRole(PrincipalInfo.CurrentPrincipal, (object) null))
return Enumerable.Distinct((IEnumerable) list);
The latest CMS patch is not rollbackable due to DB changes, and I would really like to avoid making own workaround extensions for Find. So, could you release a fix as soon as possible, please :)
Looks like EPiServer.GoogleAnalytics is also affected, and likely all older code that uses virtual roles. Perhaps the easiest fix is to make VirtualRoleRepository<VirtualRoleProviderBase>.GetDefault() backwards compatible?
Edit: Episerver support had already received a bug report about the issue: This is an issue which has been reported already and a bug has been created: FIND-973 After upgrading cms.core to 9.8.0 .FilterOnReadAccess() and .FilterForVisitor() stops working for anonymous users
Any update on this? Got the same problem for one customer.
Can't seem to find it in their buglist:
"The bug you were looking for – FIND-973 – doesn’t exist"
I asked the support if they knew anything.
"The developers haven't started to investigate this bug yet. The bug is in 'Triage' which means that the process hasn't started yet."
The bug has been fixed and is currently in test for verification. If everything goes as planned it should be included in next release of EPiServer.CMS.Core
Great news! But when are you planning the next release of EPiServer.CMS.Core?
Hopefully at the end of this week (friday) or early next week
Same here, little bit of panic here, please fix this rapidly!
I see now there is a new release out!
Is the fix included in this update?
The fix is included in EPiServer.CMS.Core 9.9.0