User.Identity.Name swaps with other logged in users

I seem to be having a problem with User.Identity.Name, never given me any problems in the past, however, i've just put a site live and for some reason, every now and then the value of Name changes to that of another user logged into the system! However, it's only for one page view! Once you view any page again, the information resets back to the original and correct user (i.e. value in .Name).

The only one bit of information i could see on google about this related to worker processes recycling.
Is this possible? Could the worker process recycling end up with users being confused?

I am going to enable recycling reason event logging, so i can track each time the worker process cycles.

Has anyone had anything similar happen to them? Does anyone know why this might happen? :(
Thanks in advance,
Ben

 

0
bmerrills
7/10/2007 2:52:05 PM
asp.net.security 27051 articles. 1 followers. Follow

4 Replies
906 Views

Similar Articles

[PageSpeed] 18

The worker process will regularly recycle.. this is a normal behavior and your requests are completely isolated from this event.

 HttpContext is guaranteed to be unique for each and every request.  HttpContext.Current.User.Identity.Name will only change if it is changed somewhere, like in an HttpModule or something.

 

Check your code to make sure it's not being fiddled with somewhere else.  It is likely being set from some static (or threadstatic) member which is a recipe for disaster in the ASP.NET runtime environment.
 


Ben Scheirman
http://www.flux88.com

ASP.NET MVP
Certified ScrumMaster
ASPInsider
MCSD
0
subdigital
7/10/2007 3:46:18 PM
The only place I change the Context.User is in the Application_AuthenticateRequest event.
 if (Request.IsAuthenticated)
        {
            BusinessLogic.WebUser.Current = BusinessLogic.WebUser.GetUser(User.Identity.Name);
            if (BusinessLogic.WebUser.Current != null)
            {
                // Apply roles now
                Context.User = new System.Security.Principal.GenericPrincipal(User.Identity, BusinessLogic.WebUser.GetUserRoles(BusinessLogic.WebUser.Current.UserId));
                // BusinessLogic.WebUser.GetUserRoles(BusinessLogic.WebUser.Current.UserId);
            }
            else
            {
                // Something is wrong with the login token! Lets sign them out
                FormsAuthentication.SignOut();
                Response.Redirect("~/Default.aspx", true);
            }
        }else{
            // Blank User
            BusinessLogic.WebUser.Current = new BusinessLogic.WebUser();
        }

 BusinessLogic.WebUser.Current is a static member, the only thing i can think is that some how that static member is being confused between different requests by different logged in users. However, what makes me think that's not the case is that there's no evidence this happens when both the users are browsing the site, only that they have both logged in within the last 30 minutes.

So, still a little confused, if anyone has had any similar experiance?

Cheers,

Ben

0
bmerrills
7/10/2007 4:32:53 PM

So there's your problem.  You have a static member that you intend to have static for each user.

 

Each request is handled by a thread, but that same thread might be used to handle multiple requests.  Your businessLogic.WebUser.Current property can be static, but don't return a static member from it, instead, return HttpContext.Current.Items[SOME_KEY_HERE] as WebUser();

 

the context items collection is guaranteed to be isolated to this request alone.
 


Ben Scheirman
http://www.flux88.com

ASP.NET MVP
Certified ScrumMaster
ASPInsider
MCSD
0
subdigital
7/10/2007 5:05:37 PM

Thanks for the help!

Cheers,

Ben

0
bmerrills
7/11/2007 8:20:42 AM
Reply:

Similar Artilces:

Problem in getting logged in user Name for ASPX page with (even with this.User.Identity.Name)
Hi  friends,  I am creating an application that takes current logged in user and displays on the page itself. for this I am getting the user name in PageLoad function by using this.User.Identity.Name and then storing the value in a hidden variable for aspx page. I am using this hidden  variable to display the name of the user. I am using Windows authentication for this. Now problem that I am getting is that when multiple user launch the application from different machine and if they click simultaneously, name of one user appears on the paged displayed on the machine of ot...

difference between HttpContext.Current.User.Identity.Name and User.Identity.Name
Q1. what is the difference between 1. HttpContext.Current.User.Identity.Name;and 2. User.Identity.Name Q2.i'm using asp.net 2.0. i'm using the following code to authenticate FormsAuthentication.RedirectFromLoginPage(strEMail, false); Response.Redirect("web/ra.aspx"); my main web.config has <authentication mode="Forms">      <forms          name=".ASPXAUTH"          loginUrl="back.htm"          protection="All" &n...

Query logged in user
First, the obliquity I am a newbie to ASP! I have Googled for while now but cannot seem find a solution to my problem. I am trying to display the details of the logged in user (UserName). Below is my code but nothing is displayed by the query. The Label ID="lblIdentity" does display the logged on users username correctly . Any help would be appreciated.   ASPX pageā€¦     <asp:Label ID="lblIdentity" runat="server" Style="z-index: 104; left: 14px; position: absolute;             top: 28px" Text="Label">...

Separting the User name from the Machine name in User.Identity.Name
string userNameWithMachineName = User.Identity.Name; string userNameWithoutMachineName = System.IO.Path.GetFileName(userNameWithMachineName); HighOnCodingWanna get high! ...

display data for a particular logged in user (User.Identity.Name;)
hi, basically i have a database table with: fileNo, fileName, fileSize, fileType, fileOwner etc at the minute my grid view displays ALL files for every fileOwner, how does one filter this to only displaying the files which belong to a particular fileOwner who is logged in.. i.e. SELECT * FROM tblFile       WHERE fileOwner = (User.Identity.Name)         -   to show files for a user who is logged in   how does one do this please?   thanks and regards Hi,jules U can Do like thisI am assuming that ur ...

What has to happen after login before Page.User.Identity.Name contains the user name?
I am using Membership Services in my new ASP.NET 3.5 app. I want to redirect the user to a page where he can enter various personal details if he has not yet done this. I put some VB.NET code in the LoggedIn event for my Login control that depends on the availability of the current user name in Page.User.Identity.Name but this reference is Nothing at this stage in the process. Page.User.Identity.Name works fine on other pages. When exactly is Page.User.Identity.Name loaded with the name of the current user?David   The authentication process hapen like this... 1-User request a secur...

User.Identity.Name returns email address instead of user name
I have modified the login control so that the user logs in using their email instead of their user name. Here is my code:Protected Sub Login1_Authenticate(ByVal sender As Object, ByVal e As System.Web.UI.WebControls.AuthenticateEventArgs) Handles Login1.Authenticate Dim email As String = Login1.UserNameDim userName As String = Membership.GetUserNameByEmail(Login1.UserName)Dim userInfo As AdditionalUserInfo = New AdditionalUserInfo   If Membership.ValidateUser(userName, Login1.Password) = True ThenDim isFirstTime As Boolean = userInfo.GetUserInfo(userName).IsFirstTime If isFirstTi...

Can not get user name from HttpContext.Current.User.Identity.Name
Hi All; I have tried to use HttpContext.Current.User.Identity.Name to get window user account. However, from debugger, for a long time ago I saw my window user name. But now, I did not see my window user name (from debugger) with the same code and same function call. Please help. Was I doing something wrong? Or any special settings on web.config/machine.config or project to make it work??? I'm stuck Thanks a lot well, you have to have windows integrated authentiction enabled in IIS, IIRC.RTFM - straight talk for web developers. Unmoderated, uncensored, occasionally unre...

User Control
I am trying to convert my aspx page that has all my graphics into a header user control, in the page I reference the username that is logged into the site.  I am using the User.Identity.Name function but it tells me that User is not identifited.  This worked just fine before I moved it to the ascx page. Anyone have any ideas? Thanks Craig In a user control or custom control your will need to use either:Page.User.Identity.Name orHttpContent.Current.User.Identity.Name If using the latter, don't forget to import the System.Web namespaceBill, WESNet Designs...

User.Identity.Name in User Control
What namespace do I have to include in my User Control code behind to be able to access the Forms Login User.Identity.Name information? Thanks!I haven't failed, I've found 10,000 ways that don't work System and System.Web.UI. Here's a sample of a user control retrieving User.Identity.Name: using System; using System.Web.UI; public class MyClass: Page { public void Page_Load(Object Source, EventArgs e) { Response.Write("User.Identity.Name=" + User.Identity.Name); } } Thanks lauraThis posting is provided "AS IS"...

User.Identity.Name in User Control
Can I use User.Identity.Name in a User Control (.ascx file). I tried to use it but got the following error: " The type or namespace name 'User' could not be found (are you missing a using directive or an assembly reference?) " regards Try using HttpContext.User.Identity.Name HTH... Chris...

Getting the user name of the currently logged in user
I'm writing my first custom module. Just as an experimental project I would just display information about the currently logged in user. I can get the User Id, but I don't know where to get the rest of the information. How do I get this? Hi, Just create a new UserController to get the information about one user via the method GetUser(PortalId, UserId) and store it into a UserInfo. Then you can get the rest of the information from this UserInfo [VB] Dim myUser As New UserInfo Dim myUserController As New UserController myUser = myUserController.GetUser(PortalId, Use...

User is authenticated, but User.Identity.Name is blank!?
Anyone know what might cause such a situation?  This has been working for over a year as I work on a small site I've been working on.  It stopped working sometime soon and there is only a few things I can think of that might have something to do with it. I enabled Roles.  For a sub-directory that I wanted only admins to be able to access. I installed VS 2008 Team System.  I did not upgrade my website to a new .Net version  Here are the relevant sections of my web.config file:<roleManager enabled="true" /><membership defaultProvider=&qu...

User.Identity.Name and Web User Control,
I am trying to user User.Identity.Name.ToString in a WebUser Control but it doesnt seem to work. Is their any way around this its tells me "User.Identity " is undeclared. Here is the code that was working when the form was still a web form.   CurrentRow.Item(5) = User.Identity.Name.ToString EmployeeDataTable.GetChanges() EmployeesAdapter.Update(CurrentRow)  It think it needs an import stsaement at the top can you help? Thnks Sanson Use System.Web.HttpContext.Current.UserThanks, EdMicrosoft MVP - ASP/ASP.NET thank you! Thanks for the advice. I couldnt actual...

Web resources about - User.Identity.Name swaps with other logged in users - asp.net.security

Sexual orientation and gender identity at the United Nations - Wikipedia, the free encyclopedia
... its founding in 1945, the United Nations had not discussed LGBT rights (regarding equality regardless of sexual orientation or gender identity ...

Birth certificate mix-up sparks identity fraud fears
Parents of newborn children have been mailed birth certificates for other peoples' babies in a mix-up described as a major privacy breach.

Samir Bouzid, Soufiane Kayal: Identity theft manhunt begins - Hasna Aitbouchlachen
POLICE have stepped up the hunt for two men who were using fake identity cards around Europe and wiring money to relatives of the Paris attacks ...

Birth certificate mix-up sparks identity fraud fears
Human error has led to nine parents being sent&nbsp;birth certificates for other peoples' babies, in what has been described&nbsp;as a major ...

14,000-year-old thighbone renews mystery over identity of 'Red Deer Cave people'
Analysis of an ancient thighbone from southwest China provides more evidence prehistoric humans walked in mainland Eurasia at the same time as ...

League of Nations Loses Identity Without Sheamus as WWE Champion - Bleacher Report
On the WWE Network series The List, failed factions were profiled. Every forgettable faction from 3 Count to 3MB was mentioned. Unfortunately, ...

This is how you're compromising your identity on Facebook
The threat of identity theft is very real on the internet and social media platforms. Adam Levin, author of "Swiped: How to Protect Yourself ...

NYPD: 4 tips to keep your money and identity safe
Worried about financial fraud and ID theft? Follow these guidelines courtesy of New York's finest

Rey's Identity Possibly Revealed In Star Wars: The Force Awakens Disney Infinity Game
Warning: Actual spoilers for Star Wars: The Force Awakens, as well as probable spoilers for Star [...]

Identity Theft Company LifeLock Once Again Failed To Actually Keep Identities Protected, Must Pay $100M ...
Five months after federal and state regulators accused identity theft protection company LifeLock of violating a 2010 settlement in which it ...

Resources last updated: 12/28/2015 11:18:34 AM