EnsureUser fails in anonymous http context

[Vice93]

Hello.

We are running a multi-webapp SPFarm with various ISAPI calls between themselves. These calls (backend 2 backend) are unable to authenticate properly in SharePoint, resulting in an anonymous SPContext / HttpContext.

This leads to several issues in SharePoint, but also one in EntraCP. Take a look at the following code:

ClaimsProviderConstants.cs#234:

    HttpContext httpctx = HttpContext.Current;
    if (httpctx != null)
    {
    	WIF4_5.ClaimsPrincipal cp = httpctx.User as WIF4_5.ClaimsPrincipal;
    	if (cp != null)
    	{
    		if (SPClaimProviderManager.IsEncodedClaim(cp.Identity.Name))
    		{
    			this.UserInHttpContext = SPClaimProviderManager.Local.DecodeClaimFromFormsSuffix(cp.Identity.Name);
    		}
    		else
    		{
    			// This code is reached only when called from central administration: current user is always a Windows user
    			this.UserInHttpContext = SPClaimProviderManager.Local.ConvertIdentifierToClaim(cp.Identity.Name, SPIdentifierTypes.WindowsSamAccountName);
    		}
    	}
    }

Here we are checking if HttpContext.Current is null, which it is not. However, cp.Identity.Name is null, resulting in an ArgumentNullException. The current workaround for this is to set HttpContext.Current = null before calling .EnsureUser() such that this code doesnt run.

I think this could be solved by either checking that the context is authenticated (by checking .Identity.Name != null), or removing the code alltogether. UserInHttpContext doesnt seem to be referenced outside these two assignments.

[Yvand]

@Vice93 thank you for reporting this, indeed this is probably legacy code, I'll fix it soon

[github-actions]

This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.

[Yvand]

fixed by 825a80b