SharePoint FBA Users being removed from SharePoint

Oct 19, 2012 at 10:26 AM
Edited Oct 19, 2012 at 10:28 AM

I have a very unusual issue where users created with the backend, work fine for a while, but at some point they are not SharePoint Users anymore. ie. their SPUser isn't in the SiteUserInfoList. So in the User Management page, the 'IsInSharepoint' field is no.

The FBAUser is still there, and they can still log in. We have some UserProfile stuff setup, so when accessing the profile, it gives us a Data Not Found error.

I'm sure if I can figure out what's kicking them out of SharePoint, my other issue will go away.

One thing from the logs I've found, which occured when a said user logged in (and may well be the cause) is:

SPClaimsAuthRoleProvider.GetRolesForUserBestEffort() failed to load groups for '0#.f|fbamembershipprovider|xxxxxx': System.NullReferenceException: Object reference not set to an instance of an object.     at Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider.GetRolesForUserBestEffort(String username).

Can't seem to find much about it on the net. Also, the Profile information still exists, I know this because when I go to the edit user screen in the management section, the modified form which includes profile fields, still pulls in all the info from the profile.

Any help would be much appreciated.

thanks, Bav

Coordinator
Oct 19, 2012 at 2:34 PM

Can't say i've heard of this one before. But you're probably right about the error message being related to the issue.  I'd look and see what is happening on SQL Server at the time you get this message.  If you're able to replicate the error consistently, run profiler on sql server to see what's going on - that might give you a clue.

Also, is this with the standard sharepoint login page or a custom login page?  If it's custom, maybe try reverting to the standard one to see if the issue goes away.

Oct 23, 2012 at 10:35 AM

Thanks Chris,

Profiler may well be the way.

Worked out now that in the UserInfo table, a single whitespace character is being added to the end of the tp_Login variable. so 

'i:0#.f|fbamembershipprovider|xxxxxx' becomes 'i:0#.f|fbamembershipprovider|xxxxxx '

This causes errors on our userprofiles, because the username with the whitespace character is being used to locate the user profile, and can't find it. I've done a couple of quickfixes, by just trimming usernames, but ultimately I still need to find out what causes the extra whitespace character to be added, as things like our customised newsfeed causes errors too.

This so far only seems to be happening with users created from the user management section, and not with self registered users, but this could just be conincidence.

It's a weird one, if you've heard of anything like this before, please do let me know, and vice versa if I find anything out, I'll update this post.

Cheers,

Bav

Coordinator
Oct 23, 2012 at 12:56 PM

Glad to see you figured out the cause.  I can't say I've heard anybody else mention this.

User fields haven't been trimmed before they're saved, so doing that will probably solve your issue.  I've raised an issue in the issue tracker to fix this in the next version:

http://sharepoint2010fba.codeplex.com/workitem/824

I'm guessing the usernames are being copy/pasted from somewhere, which could explain the extra space.

Oct 23, 2012 at 1:32 PM

Absolutely correct. From what I can gather I think a user has pasted in their username from an email, leaving in the trailing whitespace character.

From reading this: http://www.networksteve.com/enterprise/topic.php/User_automatically_getting_deleted_from_site_collection/?TopicId=59937&Posts=2

It looks as though if a user logs in with the space, SharePoint marks the current profile as deleted, then creates a new one and still allows for a login. There is a better explanation in the post. I've trimmed a fair bit now so my project seems solid.

Again, like you said, I had to modify my custom login form, as that is the culprit. Just added some trims to entered usernames, and that seems to have solved the issue, which in turn, would in theory mean you don't need to do it elsewhere in the project. So not sure if it needs to be a fix, but I'll leave that upto you.

Cheers!

Coordinator
Oct 23, 2012 at 1:37 PM

That's interesting (and scary) that it deletes it based on what you use to login. I'm sure lots of users copy their username from an email or elsewhere. At least you have a custom login form that you're able to modify - I can't believe this happens with the default login page - i'd say that's a pretty serious bug.

Oct 23, 2012 at 1:42 PM

Yeah totally, I didn't read (or debug) enough for it to see if it was for the default login too. And I'm not sure which profile the article is referring to, as my actual Sharepoint UserProfile info is still  there, just flagged I guess. I'm blaming SharePoint!