Ensure safer access to system.web.security.roles (#2425)

Follow up from: - #2377 - #2417
elastic · Aug 19, 2024 · 72a5b8d · 72a5b8d
1 parent 824a5b4
commit 72a5b8d
Showing 1 changed file with 20 additions and 7 deletions.
diff --git a/src/integrations/Elastic.Apm.AspNetFullFramework/ElasticApmModule.cs b/src/integrations/Elastic.Apm.AspNetFullFramework/ElasticApmModule.cs
@@ -632,10 +632,23 @@ private void FillSampledTransactionContextUser(HttpContext context, ITransaction
 
 			var user = new User { UserName = userIdentity.Name };
 
-			var sqlRoleProvider =
-				System.Web.Security.Roles.Enabled && System.Web.Security.Roles.Providers.Cast<object>().Any(provider => provider.GetType().Name == "SqlRoleProvider");
-			if (!sqlRoleProvider && context.User is ClaimsPrincipal claimsPrincipal)
+			FillUserIdentity(context, user);
+
+			transaction.Context.User = user;
+
+			_logger.Debug()?.Log("Captured user - {CapturedUser}", transaction.Context.User);
+		}
+
+		private void FillUserIdentity(HttpContext context, User user)
+		{
+			try
 			{
+				var sqlRoleProvider =
+					System.Web.Security.Roles.Enabled && System.Web.Security.Roles.Providers.Cast<object>().Any(provider => provider.GetType().Name == "SqlRoleProvider");
+
+				if (sqlRoleProvider || context.User is not ClaimsPrincipal claimsPrincipal)
+					return;
+
 				try
 				{
 					static string GetClaimWithFallbackValue(ClaimsPrincipal principal, string claimType, string fallbackClaimType)
@@ -652,10 +665,10 @@ static string GetClaimWithFallbackValue(ClaimsPrincipal principal, string claimT
 					_logger.Error()?.Log("Unable to access user claims due to SqlException with message: {message}", ex.Message);
 				}
 			}
-
-			transaction.Context.User = user;
-
-			_logger.Debug()?.Log("Captured user - {CapturedUser}", transaction.Context.User);
+			catch (Exception ex)
+			{
+				_logger.Trace()?.Log("Error accessing System.Web.Security.Roles: {message}", ex.Message);
+			}
 		}
 
 		/// <summary>