London Dev Meetup Rescheduled! Due to unavoidable reasons, the event has been moved to 21st May. Speakers remain the same—any changes will be communicated. Seats are limited—register here to secure your spot!

AI OnAI Off

Duplicate users in CMS possible causing exception

Tim Schmelter
Tim Schmelter
Vote:
 

It seems to be possible to create duplicate users. We have 2 users which cause a 500 if you try to look at their user-profile(Admin>Search user/group>click):

System.Web.HttpUnhandledException (0x80004005): Exception of type 'System.Web.HttpUnhandledException' was thrown. ---> System.ArgumentException: An item with the same key has already been added.
   at System.ThrowHelper.ThrowArgumentException(ExceptionResource resource)
   at System.Collections.Generic.Dictionary`2.Insert(TKey key, TValue value, Boolean add)
   at System.Collections.Generic.Dictionary`2.System.Collections.IDictionary.Add(Object key, Object value)
   at EPiServer.Data.Serialization.Internal.CollectionHandler.CreateCollection(Type runtimeCollectionType, ArrayList keys, ArrayList values, LoadingContext context, Func`3 processItem)
   at EPiServer.Data.Serialization.Internal.CollectionHandler.CreateCollection(Type runtimeCollectionType, ArrayList keys, ArrayList values)
   at EPiServer.Data.Dynamic.Providers.Internal.DbDataStoreProvider.LoadCollection(ProviderCallContext context, PropertyMap propertyMap)
   at EPiServer.Data.Dynamic.Providers.Internal.DbDataStoreProvider.LoadReferencesAndCollections(ProviderCallContext ctx)
   at EPiServer.Data.Dynamic.Providers.Internal.DbDataStoreProvider.LoadObject(ProviderCallContext context)
   at EPiServer.Data.Providers.Internal.SqlDatabaseExecutor.<>c__DisplayClass31_0`1.<Execute>b__0()
   at EPiServer.Data.Providers.SqlTransientErrorsRetryPolicy.Execute[TResult](Func`1 method)
   at EPiServer.Data.Dynamic.DynamicDataStore.InternalLoad(Identity id, Type type, LoadAsObjectType loadAs, ProviderCallContext parentContext)
   at EPiServer.Data.Dynamic.Internal.EPiServerDynamicDataStore.Load[TResult](Identity id)
   at EPiServer.Data.Dynamic.Internal.DynamicDataCollection`1.DynamicDataCollectionEnumerator.get_Current()
   at System.Linq.Enumerable.FirstOrDefault[TSource](IEnumerable`1 source)
   at EPiServer.Shell.Profile.ProfileRepository.GetProfile(String userName)
   at EPiServer.UI.Edit.UserGuiSettings.LoadSettings(String userName, EPiServerProfile data)
   at EPiServer.UI.Edit.UserMembership.Init

I have tried to delete these users:

DELETE FROM  [dbo].[AspNetUsers]
WHERE Email in ('problem_email')

But the customer reported the same issue again after he re-created that user later.

What is causing this issue and how to prevent it? It's obvious that Epi tries to add a key twice to the dictionary, but what key and where is it stored?

#305287
Edited, Jul 17, 2023 8:08
Paul McGann (Netcel)
Paul McGann (Netcel)
Vote:
 

Hi Tim,

Could I ask which membership provider you are using? SQL, AspNetIdentity, AAD, etc?

Thanks

Paul

#305290
Jul 17, 2023 16:18
Tim Schmelter - Jul 17, 2023 18:18
We're using AspNet Identity with OpenIdConnect and ForgeRock. So the users are in the table AspNetUsers. It's working without issues since december 2021.

I thought it would be enough to delete them there with;
DELETE FROM AspNetUsers WHERE UserName = 'username'

Now i have used the sql profiler to see what Epi does when i delete a user. Maybe this should work?

DECLARE @username NVARCHAR(4000) = N'username';
exec netContentAclDeleteEntity @Name=@username,@IsRole=0
exec netPermissionDeleteMembership @Name=@username,@IsRole=0

DELETE [dbo].[AspNetUsers] WHERE LOWER(UserName)=@username

DELETE [dbo].[Profiles] WHERE UserId = (SELECT UserId FROM [dbo].[Users] WHERE LOWER(UserName)=@username)
DELETE [dbo].[Users] WHERE LOWER(UserName)=@username

DELETE FROM [dbo].[tblBigTableIdentity] WHERE PkId=(SELECT pkId FROM dbo.tblSystemBigTable WHERE LOWER(String01)=@username)
DELETE FROM [dbo].[tblSystemBigTable] WHERE LOWER(String01)=@username
Surjit Bharath
Surjit Bharath
Vote:
 

have you established if there's duplicate entries in the database?

Is the issue occuring for one of your users or all your users?

#305296
Jul 17, 2023 17:01
Tim Schmelter - Jul 17, 2023 18:20
There is no duplicate user(in AspNetUsers) but there is a duplicate key in an Epi dictionary if i call the user's profile page in CMS. So you cannot edit or delete these users(2 had the issue). So some´where the profile data is corrupt.
Surjit Bharath - Jul 19, 2023 20:18
Since forgerock is a federated authentication provider...by any chance has the customer registered twice through two different IDPs? I don't know what the key dictionary is using (I'm assuming its email or maybe a composite) but maybe that's what's knocking it out?
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.