Vulnerability in EPiServer.Forms
I have a situation where I need to be able to change usernames of EPi-users.
We have inherited a project that includes a custom .NET site and an Epi-site running EPiServer.CMS(v 9.7.1 but will be updated in a near future).
The .NET site is creating users which later on also is synced to the Epi-site.
If user data, like name or phone number, is changed in the custom-site then the changes will also be synced to the Epi-site.
The problem we are facing is that the custom-site are using email address as username and it is also possible to change the email address, thus the username.
It it is not possible from the admin-interface of EPi to change a username and it is not supported by code today(?).
We need to directly change the database.
For this I have, from other post, located that we need to alter dbo.Users.UserName and matching entries in dbo.tblContentAccess.Name.
Does anyone have some more input on this?
Is there some more tables that needs to be altered?
Is there any other way to do it?
Can it result in any problems?
Any 'ready to use' stored procedure to be shared?
For EPi-Support: it would be sweet to, in the future, have the functionality to be able to change usernames.
I did this for another project I recall. I also created a custom SQL stored procedure for it. Don't have that code still though but is fairly easy.
I don't think I did anything with the tblContentAccess, I only changed the actual user name. Normally you don't have content with access rights on individual users.
I created my own admin tool plugin for it. Old username => new username => Ok. Really? really? Yes.