Bug #77264 Problem removing a user from the MySQL my_aspnet_usersinroles database table. T
Submitted: 5 Jun 2015 19:49 Modified: 2 Jul 2015 5:43
Reporter: Yvette Hayes Email Updates:
Status: Verified Impact on me:
None 
Category:Connector / NET Severity:S2 (Serious)
Version:6.9 OS:Windows
Assigned to: CPU Architecture:Any
Tags: Connector/Net, Removeuserfromrole

[5 Jun 2015 19:49] Yvette Hayes
Description:
Problem removing a user from the MySQL my_aspnet_usersinroles database table.  The System.Web.Security.Roles.RemoveUserFromRole() method (as well as the Roles.RemoveUsersFromRole()
 method) does not remove a user from a role if the user name has a backslash in it.

Using:
Visual Studio 2010 SP1 ; authentication mode="Windows" ; IIS Express
MySQL Connector/Net 6.9 ; MySQLRoleProvider
MySQL Server 5.0.77

The following example creates a role and two users, one with a backslash character in it and one without.
Each user is added to the role, then each user is removed from the role by calling Roles.RemoveUserFromRole().  Next, Roles.GetUsersInRole() is called to list users in the role.  The resulting list should be blank, however, the user with a backslash in its name is still in the list.  The output is shown below.

Question: How to remove a user from a role if the user’s  name has a backslash in it?

How to repeat:
protected void Page_Load(object sender, EventArgs e)
    {

      //  Create two users and a role

      string roleName = "MyRole1";
      string aUser = "auser1";
      string aUserWithBackslash = "XXX\\aUserWithBackslash"; // Username with a backslash in it.

      lbl_test.Text += string.Format("current user 1: {0}<br>", aUser);
      lbl_test.Text += string.Format("current user 2: {0}<hr>", aUserWithBackslash);
     
       // Create the role
      if (!Roles.RoleExists(roleName))
      {
        Roles.CreateRole(roleName);
       lbl_test.Text += string.Format("role [{0}] created.<hr>", roleName);
      }

       // Add the two users to the role:
       // Note: if the user does not exist, they are also added to the my_aspnet_users table
      if (!Roles.IsUserInRole(aUser, roleName))
      {
        Roles.AddUserToRole(aUser, roleName);
        lbl_test.Text += string.Format(
          "user [{0}] added to role [{1}]<br>", aUser, roleName
        );
      }

      if (!Roles.IsUserInRole(aUserWithBackslash, roleName))
      {
        Roles.AddUserToRole(aUserWithBackslash, roleName);
        lbl_test.Text += string.Format(
          "user [{0}] added to role [{1}]<hr>", aUserWithBackslash, roleName
        );
      }

      // Remove the two users from the role.
      if (Roles.RoleExists(roleName))
      {
         // User aUser is removed
        if (Roles.IsUserInRole(aUser, roleName))
        {
          Roles.RemoveUserFromRole(aUser, roleName);
          lbl_test.Text += string.Format(
            "user [{0}] removed from role [{1}]<br>", aUser, roleName
          );
        }

        // However, even though the method 
        // Roles.RemoveUserFromRole(aUserWithBackslash, roleName) 
        // executes with no errors, the user aUserWithBackslash is in fact 
        // NOT removed from the role 
        if (Roles.IsUserInRole(aUserWithBackslash, roleName))
        {
          //Roles.RemoveUserFromRole(aUserWithBackslash, roleName);
          //lbl_test.Text += string.Format(
          //  "user [{0}] removed from role [{1}]<hr>", aUserWithBackslash, roleName
          //);

          try
          {
            Roles.RemoveUserFromRole(aUserWithBackslash, roleName);

            // The method Roles.RemoveUserFromRoles() does not work either:
            //string[] removeUserFromRolesList = new string[] { roleName };
            //Roles.RemoveUserFromRoles(aUserWithBackslash, removeUserFromRolesList);

            // The following returns error :
            // "An exception of type System.Configuration.Provider.ProviderException was encountered removing the user XXX\aUserWithBackslash from the role. User not in role."
            //Roles.RemoveUserFromRole(aUserWithBackslash.Replace(@"\", @"\\"), roleName); 

            lbl_test.Text += string.Format(
              "user [{0}] removed from role [{1}]<hr>", aUserWithBackslash, roleName
            );
          }
          catch (ArgumentNullException anex)
          {
            lbl_test.Text += "An exception of type " + anex.GetType().ToString() + " was encountered removing the user from the role. - either roleName or username is null<br>" + anex.Message + "<br><br>";
          }
          catch (ArgumentException aex)
          {
            lbl_test.Text += "An exception of type " + aex.GetType().ToString() + " was encountered removing the user from the role. - either roleName or username is empty or contains a comma<br>" + aex.Message + "<br><br>";
          }
          catch (System.Configuration.Provider.ProviderException pex)
          {
            lbl_test.Text += "An exception of type " + pex.GetType().ToString() + " was encountered removing the user " + aUserWithBackslash + " from the role. " + pex.Message + "<br><br>";
          }
          catch (Exception ex)
          {
            lbl_test.Text += "An exception of type " + ex.GetType().ToString() + " was encountered removing the user from the role.<br>" + ex.Message + "<br><br>";
          }
        }
        // 
........// Now list the users in the role:
        // aUser is no longer in the role, however, aUserWithBackslash remains!
        //
        string[] usersInRole = Roles.GetUsersInRole(roleName);
        lbl_test.Text += string.Format("The following users are in role [{0}]:<br>", roleName);
        foreach (string sUser in usersInRole)
        {
          lbl_test.Text += string.Format("{0}<br>", sUser);
        }
      }
    }

The output of the following code:

User 1: auser1
User 2: XXX\aUserWithBackslash

role [MyRole1] created.

user [auser1] added to role [MyRole1]
user [XXX\aUserWithBackslash] added to role [MyRole1]

user [auser1] removed from role [MyRole1]
user [XXX\aUserWithBackslash] removed from role [MyRole1]

The following users are in role [MyRole1]:
XXX\aUserWithBackslash
[2 Jul 2015 5:43] Chiranjeevi Battula
Hello Yvette Hayes,

Thank you for the bug report.
Verified based on internal discussion with dev's.

Thanks,
Chiranjeevi.