Vulnerability in EPiServer.Forms
In a solution using ActiveDirectoryMembershipProvider, I'm not able to find any users when setting one or several reviewers when setting up a new Contant Approval Sequence.
Groups is found and can be set but not specific users.
Is this a bug?
The docs specifies: Before CMS UI 10.10, a reviewer in an approval definition is the name of a user. In release 10.10, we have introduced a role reviewer, where a reviewer can be either the name of a user or a role.
I am using CMS 11.10.6 11.15.1 11.20.1 and CMS.UI.11.14.0 11.25.0 11.31.0
Do you have the package EPiServer.CMS.UI.AspNetIdentity installed in your solution? If so can you remove it and try again.
Any other takers? :)
An update on this?
Using Scotts custom implementation did not help me; Same result as not using it, (still searching through the tblSynchedUser) and to of few users in that table; so the question might be; how does the syncing work then adding AD users to that table?
Maybe can try creating a class that implements IQueryableNotificationUsers.FindAsync against the ActiveDirectoryMembershipProvider search methods, trying to return a PagedNotificationUserResult.
After some help with episerver support I was able to resolve this by not using CustomSynchronizedUsersRepository per Scotts example. This goes for using AD (non Azure) connected through ldap.
I guess a lookup will go directly towards the AD and not via tblSyncedUser.
Using overriding ActiveDirectoryRoleProvider still applies though.