CODEWITHSUNDEEP
sql-serversecurityrazorwebmatrix
tnlewis
tnlewis

Reputation: 323

WebSecurity.GetUserID(HttpContext.Current.User.Identity.Name) does not always return the UserID

I have a WebMatrix application and I am using WebSecurity.GetUserId(Http.Current.User.Identity.Name) to grab the UserID. Sometimes it returns the UserId and then other times it returns a -1. I have a login page therefore, it should be getting the UserId of the person logged into the application.

Here is my code:

    var UserId = WebSecurity.GetUserId(HttpContext.Current.User.Identity.Name);
    var User = WebSecurity.CurrentUserName;
    var UserEmail = WebSecurity.CurrentUserName;
    var dbApp = Database.Open("ApplicationServices"); 
    var selectUser = "SELECT UserId, UserName, Location FROM LocationTable, UserTable WHERE (UserId) = (@0) AND (UserLocation) = (Id)";  
    var person = dbApp.QuerySingle(selectUser, UserId);

Why isn't it consistent?

Upvotes: 0

Views: 267

Answers (1)

SqlOnly
SqlOnly

Reputation: 258

Chances are you (or your users) are merely experiencing a session timeout (i.e. WebSecurity.CurrentUserId = -1) and in that case, you'd want to redirect the users back to your login page once they have timed out. You'll need to determine if you are using forms authentication, windows authentication or (ick) server sessions in order to determine/set the timeout value, and test as necessary.

The best thing for your users is to use the AuthorizeAttribute/AuthorizeCore and it's HandleUnauthorizedRequest Method to redirect them back to your login page on session expiration.

Upvotes: 1

Related Questions