Yvand/EntraCP

EnsureUser fails in anonymous http context

Opened this issue · 3 comments

Hello.

We are running a multi-webapp SPFarm with various ISAPI calls between themselves. These calls (backend 2 backend) are unable to authenticate properly in SharePoint, resulting in an anonymous SPContext / HttpContext.

This leads to several issues in SharePoint, but also one in EntraCP. Take a look at the following code:

ClaimsProviderConstants.cs#234:

    HttpContext httpctx = HttpContext.Current;
    if (httpctx != null)
    {
    	WIF4_5.ClaimsPrincipal cp = httpctx.User as WIF4_5.ClaimsPrincipal;
    	if (cp != null)
    	{
    		if (SPClaimProviderManager.IsEncodedClaim(cp.Identity.Name))
    		{
    			this.UserInHttpContext = SPClaimProviderManager.Local.DecodeClaimFromFormsSuffix(cp.Identity.Name);
    		}
    		else
    		{
    			// This code is reached only when called from central administration: current user is always a Windows user
    			this.UserInHttpContext = SPClaimProviderManager.Local.ConvertIdentifierToClaim(cp.Identity.Name, SPIdentifierTypes.WindowsSamAccountName);
    		}
    	}
    }

Here we are checking if HttpContext.Current is null, which it is not. However, cp.Identity.Name is null, resulting in an ArgumentNullException. The current workaround for this is to set HttpContext.Current = null before calling .EnsureUser() such that this code doesn't run.

I think this could be solved by either checking that the context is authenticated (by checking .Identity.Name != null), or removing the code altogether. UserInHttpContext doesn't seem to be referenced outside these two assignments.
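The guard suggested in the report above, as an added example that is not part of the original issue and is not the project's fix. `HttpContextUserGuard` and `TryGetAuthenticatedName` are hypothetical names, the principals are constructed, and it uses only `System.Security.Claims` so it runs without SharePoint. It also covers an authenticated identity that carries no name claim, where checking `IsAuthenticated` alone would still pass a null name on.

```csharp
using System;
using System.Security.Claims;
using System.Security.Principal;

static class HttpContextUserGuard // hypothetical helper, not EntraCP code
{
    // True only when the principal carries a name that is safe to hand to
    // claim-decoding calls such as the ones in the snippet quoted in the issue.
    public static bool TryGetAuthenticatedName(IPrincipal user, out string name)
    {
        name = null;
        ClaimsPrincipal cp = user as ClaimsPrincipal;
        if (cp == null || cp.Identity == null) return false;      // no claims principal or no identity
        if (!cp.Identity.IsAuthenticated) return false;           // anonymous request
        if (String.IsNullOrEmpty(cp.Identity.Name)) return false; // authenticated, but no name claim
        name = cp.Identity.Name;
        return true;
    }

    static void Main()
    {
        // Constructed principals standing in for HttpContext.Current.User.
        var anonymous = new ClaimsPrincipal(new ClaimsIdentity()); // no authentication type
        var nameless = new ClaimsPrincipal(new ClaimsIdentity(new Claim[0], "Constructed"));
        var named = new ClaimsPrincipal(new ClaimsIdentity(
            new[] { new Claim(ClaimTypes.Name, "contoso\\svc-backend") }, "Constructed"));

        Tuple<string, IPrincipal>[] cases =
        {
            Tuple.Create("null user", (IPrincipal)null),
            Tuple.Create("anonymous", (IPrincipal)anonymous),
            Tuple.Create("authenticated, no name", (IPrincipal)nameless),
            Tuple.Create("authenticated, named", (IPrincipal)named),
        };

        foreach (var c in cases)
        {
            string name;
            bool usable = TryGetAuthenticatedName(c.Item2, out name);
            // Only when usable is true would the caller go on to decode the name into a claim.
            Console.WriteLine("{0}: usable={1}, name={2}", c.Item1, usable, name ?? "<null>");
        }
    }
}
```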

@Vice93 thank you for reporting this, indeed this is probably legacy code, I'll fix it soon

This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.

fixed by 825a80b