Sitefinity 4.1 Security Issues (After Upgrade)
Hi Guys,
Despite the other issues bugging other users, in general I am able to work with the new release. I came accross an issue, however, that I may not have noticed for awhile had I not had a specific need. Right now, I have a few users, and don't go into the user administration that much right now, and ran into a problem after the upgrade to Sitefinity 4.1:
Goto Administration-->Users
Click on any user, and the following error occurs (including admin users):
Exception Details: System.NullReferenceException: Object reference not set to an instance of an object. Source Error: An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below. Stack Trace: [NullReferenceException: Object reference not set to an instance of an object.] Telerik.Sitefinity.Fluent.DynamicData.DynamicTypeDescriptionFacade.LoadDynamicTypeDescription(Type dynamicType) +88 Telerik.Sitefinity.Modules.UserProfiles.UserProfilesHelper.GetUserProfileType(Type clrType, String metaDataProviderName) +173 Telerik.Sitefinity.Modules.UserProfiles.Web.UI.UserProfilesControl.InitializeControls(GenericContainer dialogContainer) +578 Telerik.Sitefinity.Web.UI.SimpleView.CreateChildControls() +81 System.Web.UI.Control.EnsureChildControls() +181 System.Web.UI.Control.PreRenderRecursiveInternal() +59 System.Web.UI.Control.PreRenderRecursiveInternal() +221 System.Web.UI.Control.PreRenderRecursiveInternal() +221 System.Web.UI.Control.PreRenderRecursiveInternal() +221 System.Web.UI.Control.PreRenderRecursiveInternal() +221 System.Web.UI.Control.PreRenderRecursiveInternal() +221 System.Web.UI.Control.PreRenderRecursiveInternal() +221 System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +4184 -------------------------------------------------------------------------------- Hi Greg Figueroa,
After the upgrade do you have a record in sf_meta_type_descriptions that looks like this:
id - 445278DC-F303-4BEC-8589-E2A7446C610C
app_name - //
meta_type_id - 638670CC-B540-4FD3-ADB0-101899D1630A
user_friendly_name - Basic profile
description - NULL
voa_version - 1
Also you need a record in sf_meta_types with id equal to the meta_type_id above. Some clients reported that after a fresh upgrade this issue was fixed.
Indeed the sf_meta_type_descriptions table is completely empty. I added the record, however, you say a corresponding record with an id that matches this records meta_type_id must exist in sf_meta_types, however, you neglected to tell me the following:
class_name
name_space
For now, I put "Security" in class_name and "Telerik.Sitefinity.Security.Model" in name_space. Unfortunately, the problem still exists. I suppose I'll have to create a fresh site and compare the databases. Very unfortunate.
Thanks, Greg
Okay, so I created a new site, and found the proper entries for the tables you spoke about. After making the changes, nothing is different. The error still occurs. I suppose I'll have to open a ticket.
Thanks, Greg
Hello Greg Figueroa,
It seems that the upgrade process didn't do its job properly. That's why you don't have these records in the database. Also, it seems like there are other records to be added somewhere as well, but I'm not sure how OpenAccess serializes the data. We are investigating the upgrade issues now and hopefully will fix them for the upcoming Service pack.
Best wishes,