We are using an external identity provider for sign in for users on our site using OpenID Connect. When the user has successfully logged in, we sync the role claims via the ISynchronizingUserService like stated in the documentation(https://docs.developers.optimizely.com/content-management-system/docs/integrate-azure-ad-using-openid-connect#configure-openid-connect) so they end up in the tblSynchedUser, tblSynchedUserRole and tblSynchedUserRelations tables. We have a lot of users (around 500 000) in production. When setting access rights (https://siteurl.com/EPiServer/EPiServer.Cms.UI.Admin/default#/AccessRights/SetAccessRights) it looks like the fetching of users is very slow. Searching for VirtualRoles, Roles, VisitorGroups and Applications is fast. But searching for Users takes over 6 seconds(see attachemnt searchentities.png). And it looks like the search takes the same amount of time for every pagination
I did some reflection of the code and it looks like the maxRows parameter passed from EPiServer.Cms.UI.Admin.AccessRights.Internal.SetAccessRightsController.SearchUsers does not end up all the way to the database. EPiServer.Security.SynchronizingRolesSecurityEntityProvider.SearchAsync calls EPiServer.Security.Internal.DefaultSynchronizedUsersRepository.FindUsersAsync which then calls EPiServer.DataAccess.Internal.SynchronizeUsersDB.FindUsersByNameAsync which ends up calling stored procedure netSynchedUserList with parameter MaxCount set to int.MaxValue. If I have not specified any search pattern this results in the query fetching all 500 000 users for every paging. Should this maybe be done a better way? Too me it looks like all users are fetched from the database every time and then filtered in EPiServer.Security.SynchronizingRolesSecurityEntityProvider.SearchAsync ToPagedResult(). EPiServer.Security.Internal.DefaultSynchronizedUsersRepository.FindAsync looks like takes care of this in a better way, it passes the pageIndex and pageSize so it only fetches the users it is supposed to show.
