We have a ghost in our ASP.Net membership controls

Question

We have a website set up that uses 2 differrent databases. They way it is set up now is that when you go to www.website.com and login, once authenticated you will have a cookie that is set to website1ConnectionString. Everytime that we call a datacontext with linq, we send in functionality to check the cookie name and grab the cooresponding connection string. EX PortalDataContext db = new PortalDataContext(AuthenticatedUser.ConnectionString); If a user goes to www.website.com/2ndlogin, the user is authenticated and a cookie is set with the website2ConnectionString cookie. We are running into an issue right now that randomly the users name and guid will change to another users, thus showing the wrong information.

We have noticed this by writting out the username that is associated with the logged in user and navigating the site. After some inactivity, randomly the username that is displayed on the top of each page changes to another user, along with the GUID. Sometimes it changes back and sometimes we are forced to log out and log back in.

We have had it happen recently that a user on database1 has had their username and GUID change to a user on Database2.

We are using an AuthenticatedUser class that looks like the following:

public static MembershipUser GetUser()
    {
        string connection = AuthenticatedUser.ConnectionString;
        string provider = "";
        if (connection.Contains("website2"))
        {
            provider = "website2MembershipProvider";
        }
        else
        {
            provider = "AspNetSqlMembershipProvider";
        }

        MembershipProvider prov = Membership.Providers[provider];
        MembershipUser m = prov.GetUser(UserName, true);

        return m;
    }

    public static MembershipProvider GetMembershipProvider()
    {
        string connection = AuthenticatedUser.ConnectionString;
        string provider = "";
        if (connection.Contains("website2"))
        {
            provider = "website2MembershipProvider";
        }
        else
        {
            provider = "AspNetSqlMembershipProvider";
        }

        MembershipProvider prov = Membership.Providers[provider];
        return prov;
    }

    public static Guid LoginUserID
    {
        get
        {
            Guid g = new Guid();

            string connection = AuthenticatedUser.ConnectionString;
            string provider = "";
            if (connection.Contains("website2"))
            {
                provider = "website2MembershipProvider";
            }
            else
            {
                provider = "AspNetSqlMembershipProvider";
            }

            MembershipProvider prov = Membership.Providers[provider];
            MembershipUser m = prov.GetUser(UserName, true);
            if (m != null)
            {
                g = (Guid)m.ProviderUserKey;
            }

            return g;
        }
    }

    private static string _UserName = "";
    public static string UserName
    {
        get
        {
            if (String.IsNullOrEmpty(_UserName))
            {
                if (Membership.GetUser() != null)
                {
                    return Membership.GetUser().UserName;
                }
            }
            else
            {
                return _UserName;
            }

            return "";
        }

        set
        {
            _UserName = value;
        }
    }

public static string ConnectionString
    {
        get
        {
            HttpCookie myCookie = HttpContext.Current.Request.Cookies["connectionString"];
            return GetConnectionStringFromName(myCookie);
        }
        set
        {
            if (HttpContext.Current.Request.Cookies["connectionString"] != null)
            {
                ExpireCookies(HttpContext.Current);
            }
            var allCookies = HttpContext.Current.Request.Cookies.AllKeys;
            HttpCookie cookie = new HttpCookie("connectionString");
            cookie.Value = value;
            cookie.Expires = DateTime.Now.AddYears(100);
            HttpContext.Current.Response.Cookies.Add(cookie);
        }
    }

Greg · Answer 1 · 2010-12-15T19:52:55.570

Your UserName property does not use the selected provider, it always uses the default provider. How are you using UserName? Also, when do you set m.ProviderUserKey to the GUID?

btw, you can refactor out some of the duplicate code:

public static MembershipUser GetUser()
{
    return GetMembershipProvider().GetUser(UserName, true);
}

public static MembershipProvider GetMembershipProvider()
{
    string connection = AuthenticatedUser.ConnectionString;
    string provider;
    if (connection.Contains("website2"))
    {
        provider = "website2MembershipProvider";
    }
    else
    {
        provider = "AspNetSqlMembershipProvider";
    }

    return Membership.Providers[provider];
}

public static Guid LoginUserID
{
    get
    {
        Guid g = new Guid();

        MembershipUser m = GetUser();
        if (m != null)
        {
            g = (Guid)m.ProviderUserKey;
        }

        return g;
    }
 }

I am storing the connection string name as you mentioned, not the connection string in the code... — EvanGWatkins, Dec 15 '10 at 19:47

We have a ghost in our ASP.Net membership controls

1 Answers1