Issue with HttpContext.Current.User.Identity.Name

Question

In an environment where about 100+ users are logging on to a site with forms authentication, calling HttpContext.Current.User.Identity.Name returns the correctly logged on user.

However, 10% of the time the wrong user Full Name info is being returned. I never had such problem on my testing machine it happens only in production. I cannot recreate the same environment with many users on my test machine.

The logic of this app:

1) User enters username and pass, info is looked up via SQL DB call, if match, user is authenticated via FormsAuthentication.RedirectFromLoginPage(username, false)

 FormsAuthentication.SetAuthCookie(user.SYS_Users_ID.ToString(), false);

 if (Request["ReturnURL"] == null)
    FormsAuthentication.RedirectFromLoginPage(user.SYS_Users_ID.ToString(), false);
 else
     Response.Redirect("/" + SysConfig.ApplicationName + appConfig.DefaultPages.DefaultPage);

2)After redirect I put the user full Name into hidden field

if (!IsPostBack)
     userFullName.Value = Helper.GetCurrentUserFullName();

...

public static string GetCurrentUserFullName()
{
    string _userFullName = string.Empty; 
    try
    {
        _userFullName = new AgrotMasofim.DAL.Users.Users().GetUserFullName(GetCurrentUserID());
    }
    catch (Exception ex)
    {
        Logs.WriteToFileLog(string.Empty,ex);
    }
    return _userFullName;
 }



public static Decimal GetCurrentUserID()
        {
            Decimal _userID = 0;

            if (HttpContext.Current.User != null)
            {
                try
                {
                    _userID = Convert.ToDecimal(HttpContext.Current.User.Identity.Name);
                }
                catch (Exception ex)
                {
                   Logs.WriteToFileLog(string.Empty, ex);
                }
            }
            return _userID;
        }

3) On all the pages the user visits, his/her info is shown inside Label that is on master page

  lblUserName.Text = HttpUtility.HtmlDecode("Hello " + userFullName.Value);

This works almost all the time. Any ideas why it might be failing from time to time?

Answer 1

Absent more code, I can only guess at your problem. Since other people may find your question and have similar problems, I'll guess that your problem lies in a faulty use of static classes or properties.

Your GetCurrentUserFullName() method could rely on a data access method that is statically shared between all threads. There could be a race condition in the data access class(es) which sometimes results in the id of the user being searched for being replaced with that from another request before the data is retrieved. The solution to this is to either (a) use locks in all critical sections of your data access class(es) or (b) use a solution that instantiates a new data access class(es) for each request (really each unit of work). The latter design requires that your data access class(es) be lightweight, but would be preferable as it will be easier to test as well.

It's also possible, if you are caching values in static properties or other static classes that would be shared between threads, that you have a similar race condition where those values are cached and used. Similar solutions would apply - using locking or use per-thread instances rather than static instances.