Friday, June 29, 2007

Serious issue with HttpContext.Current.User.Identity.Name

 
kiran_s_rao@hotmail.com's Avatar
kiran_s_rao@hotmail.com
Guest
n/a Posts
November 19th, 2005
12:27 AM
#1

Serious issue with HttpContext.Current.User.Identity.Name
I have a serious issue that seems to be intermittent with
User.Identity.Name.

In an environment where about 100+ users are logging on to a site with
forms authentication, calling HttpContext.Current.User.Identity.Name
returns the correctly logged on user.

However, 10% of the time (I'm guessing under stress conditions or
simulataneous requests), the wrong user info is being returned.

The logic of this app:

1) User enters username/pass
2) Info is looked up via SQL DB call
3) If match, user is authenticated via
FormsAuthentication.RedirectFromLoginPage(username , True)
4) On all the pages the user visits, his/her info is shown via a call
to HttpContext.Current.User.Identity.Name

This works almost all the time. Any ideas why it might be failing from
time to time?
 
bruce barker's Avatar
bruce barker
Guest
n/a Posts
November 19th, 2005
12:28 AM
#2

Re: Serious issue with HttpContext.Current.User.Identity.Name
usually a coding error where you store the user info in a vb module or c#
static during page processing.

-- bruce (sqlwork.com)

<kiran_s_rao@hotmail.com> wrote in message
news:1102451962.249708.187910@f14g2000cwb.googlegr oups.com...
| I have a serious issue that seems to be intermittent with
| User.Identity.Name.
|
| In an environment where about 100+ users are logging on to a site with
| forms authentication, calling HttpContext.Current.User.Identity.Name
| returns the correctly logged on user.
|
| However, 10% of the time (I'm guessing under stress conditions or
| simulataneous requests), the wrong user info is being returned.
|
| The logic of this app:
|
| 1) User enters username/pass
| 2) Info is looked up via SQL DB call
| 3) If match, user is authenticated via
| FormsAuthentication.RedirectFromLoginPage(username , True)
| 4) On all the pages the user visits, his/her info is shown via a call
| to HttpContext.Current.User.Identity.Name
|
| This works almost all the time. Any ideas why it might be failing from
| time to time?
|



Kiran_S_Rao's Avatar
Kiran_S_Rao
Guest
n/a Posts
November 19th, 2005
12:28 AM
#3

Re: Serious issue with HttpContext.Current.User.Identity.Name
Bruce,

Thanks for the reply.
Can you please give me more detail?

When you say "coding error where you store the user info", what is the
common error here?

We are not storing that info anywhere, but just calling
HttpContext.Current.User.Identity.Name whenever we need that info.
Sometimes it's correct, sometimes it's not.

Kiran


Kiran_S_Rao's Avatar
Kiran_S_Rao
Guest
n/a Posts
November 19th, 2005
12:28 AM
#4

Re: Serious issue with HttpContext.Current.User.Identity.Name
Bruce,

Thanks for the reply.
Can you please give me more detail?

When you say "coding error where you store the user info", what is the
common error here?

We are not storing that info anywhere, but just calling
HttpContext.Current.User.Identity.Name whenever we need that info.
Sometimes it's correct, sometimes it's not.

Kiran


Patrick.O.Ige's Avatar
Patrick.O.Ige
Guest
n/a Posts
November 19th, 2005
12:28 AM
#5

Re: Serious issue with HttpContext.Current.User.Identity.Name
Hi Kiran..
Are you using Forms Authentication and validating against SQL Server?
Are u sure u aren;t using Windows Auth since u are calling :-
HttpContext.Current.User.Identity.Name
Pls Elaborate more..
Patrick



"kiran_s_rao@hotmail.com" wrote:
[color=blue]
> I have a serious issue that seems to be intermittent with
> User.Identity.Name.
>
> In an environment where about 100+ users are logging on to a site with
> forms authentication, calling HttpContext.Current.User.Identity.Name
> returns the correctly logged on user.
>
> However, 10% of the time (I'm guessing under stress conditions or
> simulataneous requests), the wrong user info is being returned.
>
> The logic of this app:
>
> 1) User enters username/pass
> 2) Info is looked up via SQL DB call
> 3) If match, user is authenticated via
> FormsAuthentication.RedirectFromLoginPage(username , True)
> 4) On all the pages the user visits, his/her info is shown via a call
> to HttpContext.Current.User.Identity.Name
>
> This works almost all the time. Any ideas why it might be failing from
> time to time?
>
>[/color]

Kiran_S_Rao's Avatar
Kiran_S_Rao
Guest
n/a Posts
November 19th, 2005
12:28 AM
#6

Re: Serious issue with HttpContext.Current.User.Identity.Name
Patrick,

Thanks for the reply.
Ok here is what I'm doing:

1) User enters user and pass
2) Check for match with SQL DB
3) If match, call FormsAuthentication.RedirectFromLoginPage(username ,
True)

After all that, I was under the impression that the best way to check
for the currently logged in user is to call:
HttpContext.Current.User.Identity.Name

Is this not correct? How else do you check the name with Forms
Authentication?

Thanks,
Kiran


Matt Berther's Avatar
Matt Berther
Guest
n/a Posts
November 19th, 2005
12:28 AM
#7

Re: Serious issue with HttpContext.Current.User.Identity.Name
Hello kiran_s_rao@hotmail.com,

You are correct. My guess is that somewhere you're storing/retrieving this
info from a static variable...

--
Matt Berther
http://www.mattberther.com
[color=blue]
> Patrick,
>
> Thanks for the reply.
> Ok here is what I'm doing:
> 1) User enters user and pass
> 2) Check for match with SQL DB
> 3) If match, call FormsAuthentication.RedirectFromLoginPage(username ,
> True)
> After all that, I was under the impression that the best way to check
> for the currently logged in user is to call:
> HttpContext.Current.User.Identity.Name
>
> Is this not correct? How else do you check the name with Forms
> Authentication?
>
> Thanks,
> Kiran[/color]



Patrick Olurotimi Ige's Avatar
Patrick Olurotimi Ige
Guest
n/a Posts
November 19th, 2005
12:29 AM
#8

Re: Serious issue with HttpContext.Current.User.Identity.Name
HI Kiran
As Matt stated you're storing/retrieving somewhere..!
With your Forms Auth validating against SQL server are u implementing
ROLES(Authorisation)..b-cos if you do then u must be storing USERS for
sure..
B-cos by calling "HttpContext.Current.User.Identity.Name"
ur just calling the logged on user..
Hope it helps..
Patrick
**Let me read from you**


*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!

Kiran_S_Rao's Avatar
Kiran_S_Rao
Guest
n/a Posts
November 19th, 2005
12:31 AM
#9

Re: Serious issue with HttpContext.Current.User.Identity.Name
Thanks for all the replies.

However, we are *not* storing this information anywhere at all.
We are not doing roles based auth.

Whenever we need to figure out who the current user is, we call
HttpContext.Current.User.Identity.Name. This is not stored in a
variable anywhere.

Am I understanding the above call correctly? If user "a" logs in and
then user "b" logs in, does calling identity.name for user "a"'s
session show user "b"'s info? Because that is what is happening with
10% of the requests.


Patrick Olurotimi Ige's Avatar
Patrick Olurotimi Ige
Guest
n/a Posts
November 19th, 2005
12:32 AM
#10

Re: Serious issue with HttpContext.Current.User.Identity.Name
Kiran_S_Rao,
This seems wierd!
When u talk about INFO do you mean the USerName?
Are 10% of this users in the same Domain?
As u are using Forms Auth do you have Anonymous Acces turned OFF or ON?
Patrick



*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!

Kiran_S_Rao's Avatar
Kiran_S_Rao
Guest
n/a Posts
November 19th, 2005
12:33 AM
#11

Re: Serious issue with HttpContext.Current.User.Identity.Name
Patrick,

Yes, the info that I was referring to was the Username.
When I say 10% of the calls fail, what I mean is that sometimes, a
given user's session will return someone else's Username.
This is not predicatable and does not happen to a certain set of
people. All the users have this happen sooner or later. There is no
domain distinction since the usernames are held in the DB, and have
nothing to do with the domain of the server.

In IIS, I have anonymous access turned ON so unregistered users can
access the rest of the site.



 
 

0 Comments: