I am using SimpleMembership in my .NET MVC4 project. During development, while manually manipulating/rebuilding the database, I've come across an error that would be unlikely in production, but I want to solve this and I cannot find a graceful way to handle it.
If, after logging in to the application, your username gets changed in the database, or your user record deleted entirely, the user will no longer be able to access any page of the application... including public pages that allow anonymous views, and the login screen. Instead, an exception is thrown - "No user found was found that has the name 'username'".
All pages in my application display a partial view which renders a login/logoff control. Request.IsAuthenticated is returning true regardless of what's in the database. It seems the app thinks the user is still logged in based on information in the cookie, but no corresponding record can be found in the database. Clearing the auth cookie solves this, but that's not an instruction I would want to provide to a user that may be experiencing this.
My current solution is to catch that exception in the Global.asax, clear cookies, and redirect to the login page. This just seems entirely hacky to me.
Has anyone got a better solution to this scenario? I've never encountered issues like this using the old .NET Membership provider... my expectation is that this situation should be covered right out of the box and I shouldn't have to account for it... if a record is altered/deleted in the DB, the user should just fail authorization and be redirected to the login page automagically.
Not sure where you have your authentication logic first, but here is what I do:
In Global.asax.cs:
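    // Requires: using System; using System.Web.Security;
    protected void Application_Error(object sender, EventArgs e)
    {
        // GetLastError() can return null or a wrapper, so unwrap to the original exception.
        Exception ex = Server.GetLastError();
        Exception root = ex == null ? null : ex.GetBaseException();
        if (root != null && root.Message.Contains("No user found was found that has the name"))
        {
            // Stale auth cookie: clear the error, drop the cookie and reload the same URL anonymously.
            Server.ClearError();
            FormsAuthentication.SignOut();
            Response.Redirect(Request.RawUrl);
        }
    }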
Since the thrown exception is just a System.InvalidOperationException, there is not much you can do with it. Not very smart, but does what needs to be done. Also, make sure that on the page you're redirecting to there is no authentication logic like IsUserInRole(...); if yes, then you might wanna wrap it in try{} catch(){}
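An alternative to matching on the exception text, shown as an added example that is not part of the original answers: check the forms-authentication ticket against the user store on each request, so a cookie that names a renamed or deleted account is dropped before any view or filter reads the identity. It assumes WebSecurity.InitializeDatabaseConnection(...) has already been called in Application_Start and that the application class is the template's MvcApplication.

```csharp
// Added example for Global.asax.cs; not code from the original answers.
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Security;
using WebMatrix.WebData;

public class MvcApplication : HttpApplication
{
    // Runs after FormsAuthentication has turned the cookie into Context.User
    // and before authorization filters or views look at the identity.
    protected void Application_PostAuthenticateRequest(object sender, EventArgs e)
    {
        IPrincipal user = Context.User;
        if (user == null || !user.Identity.IsAuthenticated)
        {
            return; // anonymous request, nothing to validate
        }

        // Assumption: WebSecurity.InitializeDatabaseConnection(...) already ran
        // in Application_Start, so the membership tables can be queried here.
        if (WebSecurity.UserExists(user.Identity.Name))
        {
            return; // the ticket still maps to a real account
        }

        // The ticket is cryptographically valid but names an account that was
        // renamed or deleted: expire the cookie and continue as anonymous.
        FormsAuthentication.SignOut();
        Context.User = new GenericPrincipal(
            new GenericIdentity(string.Empty), new string[0]);
    }
}
```

This costs one user lookup per authenticated request, so cache the result if that matters; in return, deleting or renaming an account takes effect on the next request instead of when the ticket expires.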
Can you please check the db cache or somewhere the page, after logging in, dependency of the user record, where it is dependent, chain delete or it may be occurring due to the dependency injection.
Please check for it or please share the code.
I was having the same kind of problem, IsAuthenticated returning true while I was not logged in to the MVC 4 site, resulting in the same error message.
In our solution I had two MVC 4 sites with SimpleMembership and it turned out that I was logged in to the first site while debugging the second site.
I think it will have to do with the cookie that gets set as both sites run under a different port on localhost and so both will set the same authentication cookie. I will probably need to change how the authentication cookie will be set.
I think you might have a different problem, but maybe my "solution" can help someone having this issue.