Membership Provider Bug?

Posted by Community Admin on 04-Aug-2018 17:57

Membership Provider Bug?

Sitefinity - Bugs & Issues

All Replies

Posted by Community Admin on 10-Aug-2012 00:00

We are trying to use ASP.NET SQL Membership Provider with Sitefinity 5.1 for a critical project and running into an issue with Sitefinity not allowing ASP.Net SQL Membership provider user to be saved with Sitefinity backend access.

Here are the steps to duplicate the issue:

1. Download version 5.1 of Sitefinity.
2. Create a new Sitefinity project and create a user called "admin".
3. Open the project in Visual Studio 2010.
4. Follow the instructions to setup ASP.NET SQL Membership provider as described in this blog post: http://www.sitefinity.com/blogs/slavoingilizov/posts/11-04-20/using_the_asp_net_sql_membership_provider_in_sitefinity.aspx 
5. So up to this point, you will be able to successfully add a user "test" using the ASP.NET SQL Membership provider and give it access to the Sitefinity backend.
6. You can verify that the user "test" is valid by logging out and logging in as "test" in Sitefinity backend (localhost:port/Sitefinity).
7. Now if you try to add any more users from Sitefinity backend using either the "admin" (default provider) or the "test" (AspnetSqlMembershipProvider) login under the AspnetSqlMembershipProvider tab of Sitefinity backend (see this image: www.sitefinity.com/.../userlist.sflb.ashx), you will get an error: "ERROR: Item could not be saved.".
8. You can also add the users using the ASP.NET Web Site Administration tool but when you go to Sitefinity backend and go to AspnetSqlMembershipProvider tab and attempt to give user access to site backend and make it a member of Administrators role and try to save it, you will again get an error: "ERROR: Item could not be saved.". 

The problem seems to be that after you give one ASP.NET SQL Membership Provider user access to Sitefinity backend, you can not give access to any more ASP.NET SQL Membership Provider users!  

Posted by Community Admin on 10-Aug-2012 00:00

This is the error I see in Sitefinity error log:

Message: HandlingInstanceID: 22ee66b6-3dcb-4af6-9b9c-0abcda462d73e
An exception of type 'Telerik.Sitefinity.Utilities.MS.ServiceModel.Web.WebProtocolException' occurred and was caught.
---------------------------------------------------------------------------------------------------------------------
08/10/2012 11:22:29
Type : Telerik.Sitefinity.Utilities.MS.ServiceModel.Web.WebProtocolException, Telerik.Sitefinity.Utilities, Version=5.1.3210.0, Culture=neutral, PublicKeyToken=b28c218413bdf563
Message : ERROR: Item could not be saved.
Source : Telerik.Sitefinity
Help link : 
StatusCode : InternalServerError
StatusDescription : ERROR: Item could not be saved.
IsDetailXhtml : True
Data : System.Collections.ListDictionaryInternal
TargetSite : Telerik.Sitefinity.Security.Web.Services.WcfMembershipUser SaveUserInternal(Telerik.Sitefinity.Security.Web.Services.WcfMembershipUser, System.Guid, System.String, Boolean, Boolean)
detailWriterInstance : Telerik.Sitefinity.Utilities.MS.ServiceModel.Web.WebProtocolException+StringDetailWriter
Stack Trace :    at Telerik.Sitefinity.Security.Web.Services.Users.SaveUserInternal(WcfMembershipUser user, Guid userId, String providerName, Boolean update, Boolean updateRoles)
   at Telerik.Sitefinity.Security.Web.Services.Users.CreateUser(WcfMembershipUser user, String userId, String provider)
   at SyncInvokeCreateUser(Object , Object[] , Object[] )
   at System.ServiceModel.Dispatcher.SyncMethodInvoker.Invoke(Object instance, Object[] inputs, Object[]& outputs)
   at System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeBegin(MessageRpc& rpc)
   at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage5(MessageRpc& rpc)
   at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage31(MessageRpc& rpc)
   at System.ServiceModel.Dispatcher.MessageRpc.Process(Boolean isOperationContextSet)

Posted by Community Admin on 10-Aug-2012 00:00

We suspect that the bug is in Telerik.Sitefinity.dll. We decompiled the code and if you look into Telerik.Sitefinity.Security.MembershipProviderWrapper, you will see that in CommitTransactionInternal()  method, the code iterates through each user in the userList and checks if the user is new, dirty (changed) or deleted. If any of these are true, it updates the userEvent. So it works fine the first time adding a user when the user is new or dirty and there are no other users in the list. 

But after you have already added a user, now when you try to add another user, the code iterates through the list (which now has two users: existing one and the new one). Since the existing user does not fall into any of the following: New, Dirty (changed) or Deleted, the code leaves userEvent = null for that loop. That causes null reference exception when the code tries to use userEvent in this.PopulateUserEventBase(userEvent, wrapper) before even going to the newly added user in the next loop. 
  
private void CommitTransactionInternal()

    object obj2;
    List<UserEventBase> list = new List<UserEventBase>();
    base.TryGetExecutionStateData("EventOriginKey", out obj2);
    foreach (UserWrapper wrapper in this.userList.Values)
    
        UserEventBase userEvent = null;
        if (wrapper.IsNew)
        
            MembershipCreateStatus status;
            string passwordQuestion = wrapper.PasswordQuestion;
            string passwordAnswer = wrapper.PasswordAnswer;
            if (passwordQuestion == string.Empty)
            
                passwordQuestion = null;
            
            if (passwordAnswer == string.Empty)
            
                passwordAnswer = null;
            
            this.membershipProvider.CreateUser(wrapper.UserName, wrapper.Password, wrapper.Email, passwordQuestion, passwordAnswer, wrapper.IsApproved, wrapper.Id, out status);
            wrapper.IsNew = false;
            wrapper.IsDirty = false;
            userEvent = new UserCreated();
        
        if (wrapper.IsDirty)
        
            MembershipUser user = this.membershipProvider.GetUser(wrapper.UserName, false);
            if (user == null)
            
                continue;
            
            wrapper.CopyDetailsToMembershipUser(ref user);
            this.membershipProvider.UpdateUser(user);
            wrapper.IsDirty = false;
            userEvent = new UserUpdated 
                ApprovalStatusChanged = wrapper.IsAprovalStatusChanged,
                PasswordChanged = wrapper.IsPasswordChanged
            ;
        
        if (wrapper.IsDeleted)
        
            this.membershipProvider.DeleteUser(wrapper.UserName, true);
            userEvent = new UserDeleted();
        
        this.PopulateUserEventBase(userEvent, wrapper);
        list.Add(userEvent);
    
    this.userList.Clear();
    foreach (UserEventBase base3 in list)
    
        this.RaiseEvent(base3, obj2, false);
   

Posted by Community Admin on 29-Aug-2012 00:00

Your are my angel man, we have the same problem with custom membership provider since updating to sitefinity 5.1 (from 5.0) for some days, we thought there was a problem in our membership provider and we couldn't find out why until now, thanks.
whats the solution now? is there any way to downgrade to 5.0 (5.1 seems too buggy)?

Posted by Community Admin on 29-Aug-2012 00:00

Contact the Sitefinity support and also vote on this:  http://www.telerik.com/support/pits.aspx#/public/sitefinity/12315
(I believe that they have located the bug and are in the process of fixing it but if you are affected, I would recommend that you contact their support as I did)

Posted by Community Admin on 11-Sep-2012 00:00

This has been fixed in Sitefinity 5.1 SP2

This thread is closed