473,324 Members | 2,239 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,324 software developers and data experts.

Serious issue with HttpContext.Current.User.Identity.Name

I have a serious issue that seems to be intermittent with
User.Identity.Name.

In an environment where about 100+ users are logging on to a site with
forms authentication, calling HttpContext.Current.User.Identity.Name
returns the correctly logged on user.

However, 10% of the time (I'm guessing under stress conditions or
simulataneous requests), the wrong user info is being returned.

The logic of this app:

1) User enters username/pass
2) Info is looked up via SQL DB call
3) If match, user is authenticated via
FormsAuthentication.RedirectFromLoginPage(username , True)
4) On all the pages the user visits, his/her info is shown via a call
to HttpContext.Current.User.Identity.Name

This works almost all the time. Any ideas why it might be failing from
time to time?

Nov 19 '05 #1
10 16955
usually a coding error where you store the user info in a vb module or c#
static during page processing.

-- bruce (sqlwork.com)

<ki*********@hotmail.com> wrote in message
news:11**********************@f14g2000cwb.googlegr oups.com...
| I have a serious issue that seems to be intermittent with
| User.Identity.Name.
|
| In an environment where about 100+ users are logging on to a site with
| forms authentication, calling HttpContext.Current.User.Identity.Name
| returns the correctly logged on user.
|
| However, 10% of the time (I'm guessing under stress conditions or
| simulataneous requests), the wrong user info is being returned.
|
| The logic of this app:
|
| 1) User enters username/pass
| 2) Info is looked up via SQL DB call
| 3) If match, user is authenticated via
| FormsAuthentication.RedirectFromLoginPage(username , True)
| 4) On all the pages the user visits, his/her info is shown via a call
| to HttpContext.Current.User.Identity.Name
|
| This works almost all the time. Any ideas why it might be failing from
| time to time?
|
Nov 19 '05 #2
Bruce,

Thanks for the reply.
Can you please give me more detail?

When you say "coding error where you store the user info", what is the
common error here?

We are not storing that info anywhere, but just calling
HttpContext.Current.User.Identity.Name whenever we need that info.
Sometimes it's correct, sometimes it's not.

Kiran

Nov 19 '05 #3
Bruce,

Thanks for the reply.
Can you please give me more detail?

When you say "coding error where you store the user info", what is the
common error here?

We are not storing that info anywhere, but just calling
HttpContext.Current.User.Identity.Name whenever we need that info.
Sometimes it's correct, sometimes it's not.

Kiran

Nov 19 '05 #4
Hi Kiran..
Are you using Forms Authentication and validating against SQL Server?
Are u sure u aren;t using Windows Auth since u are calling :-
HttpContext.Current.User.Identity.Name
Pls Elaborate more..
Patrick

"ki*********@hotmail.com" wrote:
I have a serious issue that seems to be intermittent with
User.Identity.Name.

In an environment where about 100+ users are logging on to a site with
forms authentication, calling HttpContext.Current.User.Identity.Name
returns the correctly logged on user.

However, 10% of the time (I'm guessing under stress conditions or
simulataneous requests), the wrong user info is being returned.

The logic of this app:

1) User enters username/pass
2) Info is looked up via SQL DB call
3) If match, user is authenticated via
FormsAuthentication.RedirectFromLoginPage(username , True)
4) On all the pages the user visits, his/her info is shown via a call
to HttpContext.Current.User.Identity.Name

This works almost all the time. Any ideas why it might be failing from
time to time?

Nov 19 '05 #5
Patrick,

Thanks for the reply.
Ok here is what I'm doing:

1) User enters user and pass
2) Check for match with SQL DB
3) If match, call FormsAuthentication.RedirectFromLoginPage(username ,
True)

After all that, I was under the impression that the best way to check
for the currently logged in user is to call:
HttpContext.Current.User.Identity.Name

Is this not correct? How else do you check the name with Forms
Authentication?

Thanks,
Kiran

Nov 19 '05 #6
Hello ki*********@hotmail.com,

You are correct. My guess is that somewhere you're storing/retrieving this
info from a static variable...

--
Matt Berther
http://www.mattberther.com
Patrick,

Thanks for the reply.
Ok here is what I'm doing:
1) User enters user and pass
2) Check for match with SQL DB
3) If match, call FormsAuthentication.RedirectFromLoginPage(username ,
True)
After all that, I was under the impression that the best way to check
for the currently logged in user is to call:
HttpContext.Current.User.Identity.Name

Is this not correct? How else do you check the name with Forms
Authentication?

Thanks,
Kiran

Nov 19 '05 #7
HI Kiran
As Matt stated you're storing/retrieving somewhere..!
With your Forms Auth validating against SQL server are u implementing
ROLES(Authorisation)..b-cos if you do then u must be storing USERS for
sure..
B-cos by calling "HttpContext.Current.User.Identity.Name"
ur just calling the logged on user..
Hope it helps..
Patrick
**Let me read from you**
*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!
Nov 19 '05 #8
Thanks for all the replies.

However, we are *not* storing this information anywhere at all.
We are not doing roles based auth.

Whenever we need to figure out who the current user is, we call
HttpContext.Current.User.Identity.Name. This is not stored in a
variable anywhere.

Am I understanding the above call correctly? If user "a" logs in and
then user "b" logs in, does calling identity.name for user "a"'s
session show user "b"'s info? Because that is what is happening with
10% of the requests.

Nov 19 '05 #9
Kiran_S_Rao,
This seems wierd!
When u talk about INFO do you mean the USerName?
Are 10% of this users in the same Domain?
As u are using Forms Auth do you have Anonymous Acces turned OFF or ON?
Patrick

*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!
Nov 19 '05 #10
Patrick,

Yes, the info that I was referring to was the Username.
When I say 10% of the calls fail, what I mean is that sometimes, a
given user's session will return someone else's Username.
This is not predicatable and does not happen to a certain set of
people. All the users have this happen sooner or later. There is no
domain distinction since the usernames are held in the DB, and have
nothing to do with the domain of the server.

In IIS, I have anonymous access turned ON so unregistered users can
access the rest of the site.

Nov 19 '05 #11

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

0
by: Giovanni Bassi | last post by:
Hello Group, I using impersonation on my web app. I am explicitely setting the User with the identity element in the web.config like this: <identity impersonate="true" userName="MyUsr"...
4
by: Dan Bart | last post by:
I am using an application which is a modification of IBuySpy Portal. It is using Forms authentication. Users login and their name is added to Context Then I use: ...
4
by: Gilles | last post by:
Hello, I'm facing a big problem in an Asp.Net application, when users connect the application, I store their user informations into the session object (session_start). But when 2 users click...
1
by: vvenk | last post by:
Hello: I am trying to initialize a User object at application start: Sub Application_Start(ByVal sender As Object, ByVal e As EventArgs) ' Fires when the application is started Dim loOutcome...
2
by: nalbayo | last post by:
what's the difference between HttpContext.Current.User.Identity.Name; and Context.User.Identity.Name; thanks!
0
by: D-Someone | last post by:
We have an active directory user that just had her username renamed. When the user is running an application that calls our CurrentUser web service method (which returns the value of...
2
by: Abraham Andres Luna | last post by:
hello everyone, does anyone know why i can't access the HttpContext.Current.User.Identity.Name property in a .cs file? this is the index.aspx page: <%@ Page Language="C#" %> <script...
4
by: Doogie | last post by:
Hi, I am using HttpContext.Current.User.Identity.Name to get a user id from a web application. I then use that as part of a name of a cookie I'm writing. 30 minutes later I do a refresh of this...
0
by: =?Utf-8?B?QW50b25pbyBPJydOZWFs?= | last post by:
We changed a username in AD. The user now logs on to a computer on our network using the new username without any problems. They can not logon using the old username. However, when they access a...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
1
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.