Wednesday, January 18, 2023

Sitecore CLI user issue with serialization: Unable to create a user. Reason: DuplicateUserName

We are facing the following error when we change the cm & id URLs to some shorter, new URLs and log in/serialize using the command: dotnet sitecore ser pull
It says authentication failed because it cannot create a duplicate user.

Since this user is a virtual user created from configs, we are having a hard time finding the duplicate user.

Error Message:

PS C:\inetpub\wwwroot\App_Data\logs> cat Owin.log.20230109.214214.txt
4852 21:42:32 WARN Microsoft.Owin.Security.Cookies.CookieAuthenticationMiddleware - Unprotect ticket failed
1268 21:42:32 WARN  Microsoft.Owin.Security.Cookies.CookieAuthenticationMiddleware - Unprotect ticket failed
5548 21:42:32 WARN  Microsoft.Owin.Security.Cookies.CookieAuthenticationMiddleware - Unprotect ticket failed
3044 21:42:33 ERROR Microsoft.Owin.Security.OAuth.OAuthBearerAuthenticationMiddleware - Authentication failed
Exception: System.InvalidOperationException
Message: Unable to create a user. Reason: DuplicateUserName
Source: Sitecore.Owin.Authentication
   at Sitecore.Owin.Authentication.Identity.MembershipUserStore`1.CreateAsync(TUser user)
   at Microsoft.AspNet.Identity.UserManager`2.<CreateAsync>d__73.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Sitecore.Owin.Authentication.Services.DefaultApplicationUserResolver.<ResolveApplicationUserAsync>d__16.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Sitecore.Owin.Authentication.Pipelines.Initialize.BearerAuthenticationBase.<ResolveUser>d__34.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Sitecore.Owin.Authentication.Pipelines.Initialize.BearerAuthenticationBase.<ValidateIdentity>d__31.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Owin.Security.OAuth.OAuthBearerAuthenticationHandler.<AuthenticateCoreAsync>d__3.MoveNext()

Solution:

The logic that determines whether a new user will be created lives in the Sitecore.Owin.Authentication.Services.DefaultApplicationUserResolver class. When you log in via an external identity provider, a new user is created and the corresponding entries appear in the following tables of the Core database: [dbo].[aspnet_Membership], [dbo].[aspnet_Users] and [dbo].[UserLogins]. The next time you try to log in, the DefaultApplicationUserResolver.ResolveApplicationUserAsync method searches for the current user's entry in the [dbo].[UserLogins] table, and if there is no matching entry, the method tries to create a new user.

The user may already exist in the [dbo].[aspnet_Membership] and [dbo].[aspnet_Users] tables. If the user is present in those two tables but not in [dbo].[UserLogins], the attempt to create it again causes the error.

If the non-interactive user exists in any of the above-mentioned tables, please consider removing the user from the tables.

The SitecoreCLIServer (CLI user) is associated with the identity server URL as its login provider. So it looks like the problem comes up when we change the Identity server URL: it tries to create a user with the same key.

When you deploy changes that include a new URL for the Identity server, delete this user from all three tables before you run the serialization command, so that the user is created again.

-- Look up the user in each of the three Core database tables.
-- The ID value below is not a valid GUID as written; substitute the values from your own Core database.
SELECT * FROM [Sitecore.Core].[dbo].[aspnet_Membership] WHERE ApplicationID = '88HC760B3-HGKJ-4714-AF94-B755MDBDA561' ORDER BY UserId;

SELECT * FROM [Sitecore.Core].[dbo].[aspnet_Users] WHERE ApplicationID = '88HC760B3-HGKJ-4714-AF94-B755MDBDA561' ORDER BY UserId;

SELECT * FROM [Sitecore.Core].[dbo].[UserLogins] WHERE UserID = '88HC760B3-HGKJ-4714-AF94-B755MDBDA561' ORDER BY UserId;

If you are concerned about possible repercussions for removing the user from the database, please consider taking a backup of the Core database before removal. This way you can revert to the backup should you run into any issues.
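
To confirm the condition described above before deleting anything, the three tables can be checked in one read-only query. This is an added example, not part of the original post or Sitecore's own tooling. It takes the database name [Sitecore.Core] and the user name SitecoreCLIServer from the post, and assumes that [dbo].[UserLogins] has LoginProvider and ProviderKey columns.

```sql
-- Added example (T-SQL, read-only). Assumptions: the Core database is named
-- [Sitecore.Core] as in the post, and [dbo].[UserLogins] exposes the
-- LoginProvider and ProviderKey columns alongside UserId.
USE [Sitecore.Core];

-- User name fragment taken from the post; adjust it to your CLI user.
DECLARE @UserNamePattern nvarchar(256) = N'%SitecoreCLIServer%';

SELECT
    u.UserId,
    u.UserName,
    u.ApplicationId,
    -- 1 when the membership row exists for this user, 0 otherwise
    CASE WHEN m.UserId IS NULL THEN 0 ELSE 1 END AS HasMembershipRow,
    -- NULL in both columns means there is no external login mapping at all
    l.LoginProvider,
    l.ProviderKey,
    CASE
        WHEN l.UserId IS NULL
            THEN 'No UserLogins row: the resolver will try to create this user again'
        ELSE 'UserLogins row present: compare LoginProvider with the current Identity server URL'
    END AS Diagnosis
FROM dbo.aspnet_Users AS u
LEFT JOIN dbo.aspnet_Membership AS m
    ON m.UserId = u.UserId
LEFT JOIN dbo.UserLogins AS l
    ON l.UserId = u.UserId
WHERE u.UserName LIKE @UserNamePattern
ORDER BY u.UserName, l.LoginProvider;
```

A row with no login mapping, or one whose LoginProvider still shows the old Identity server URL, matches the situation in which the user creation fails with DuplicateUserName.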


