Vulnerability in EPiServer.Forms
We are using Active directory Role and Membership providers for one of our websites although when we specify the Active directory using the GC: moniker we get the following error message (using LDAP within the connectionString works fine) :
Parser Error Message: Index was out of range. Must be non-negative and less than the size of the collection.Parameter name: indexSource Error:
Line 237: <add name="SqlServerRoleProvider" connectionStringName="EPiServerDB" applicationName="EPiServerSample" type="System.Web.Security.SqlRoleProvider, System.Web, Version=22.214.171.124, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
Line 238: <add name="ActiveDirectoryRoleProvider"
Line 239: type="EPiServer.Security.ActiveDirectoryRoleProvider, EPiServer" Line 240: connectionStringName="ActiveDirectoryProviderConnection"
Line 241: connectionUsername="administrator"
Is anyone able to assist with this ?
Great EPiServer Support Provided a Solution for this
Looks like there is a bug in the Active Directory provider. We can't find any distinguished names in your connection string, but we don't check for that, and that's why it crashes.Could you try with a connection string in this format and see if it works:GC://fabrikam.com/DC=sales,DC=fabrikam,DC=com