El Sistema De Perfil:Usuario compartir el mismo id
https://stackoverflow.com/questions/2343714
-
23-09-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianPregunta
Tengo un extraño efecto en mi sitio cuando está bajo carga pesada.
Yo al azar obtener las propiedades de otros usuarios de la configuración.Yo tengo mi propia implementación del sistema de perfil, así que supongo que no puedo culpar al perfil propio sistema.
Yo sólo necesita un punto para iniciar la depuración de.Supongo que hay una galleta-valor que se asigna a un Perfil de entrada en algún lugar.¿Hay alguna posibilidad de ver cómo esta asignación funciona?
Aquí está mi perfil de proveedor de:
using System;
using System.Text;
using System.Configuration;
using System.Web;
using System.Web.Profile;
using System.Collections;
using System.Collections.Specialized;
using B2CShop.Model;
using log4net;
using System.Collections.Generic;
using System.Diagnostics;
using B2CShop.DAL;
using B2CShop.Model.RepositoryInterfaces;
[assembly: log4net.Config.XmlConfigurator()]
namespace B2CShop.Profile
{
public class B2CShopProfileProvider : ProfileProvider
{
private static readonly ILog _log = LogManager.GetLogger(typeof(B2CShopProfileProvider));
// Get an instance of the Profile DAL using the ProfileDALFactory
private static readonly B2CShop.DAL.UserRepository dal = new B2CShop.DAL.UserRepository();
// Private members
private const string ERR_INVALID_PARAMETER = "Invalid Profile parameter:";
private const string PROFILE_USER = "User";
private static string applicationName = B2CShop.Model.Configuration.ApplicationConfiguration.MembershipApplicationName;
/// <summary>
/// The name of the application using the custom profile provider.
/// </summary>
public override string ApplicationName
{
get
{
return applicationName;
}
set
{
applicationName = value;
}
}
/// <summary>
/// Initializes the provider.
/// </summary>
/// <param name="name">The friendly name of the provider.</param>
/// <param name="config">A collection of the name/value pairs representing the provider-specific attributes specified in the configuration for this provider.</param>
public override void Initialize(string name, NameValueCollection config)
{
if (config == null)
throw new ArgumentNullException("config");
if (string.IsNullOrEmpty(config["description"]))
{
config.Remove("description");
config.Add("description", "B2C Shop Custom Provider");
}
if (string.IsNullOrEmpty(name))
name = "b2c_shop";
if (config["applicationName"] != null && !string.IsNullOrEmpty(config["applicationName"].Trim()))
applicationName = config["applicationName"];
base.Initialize(name, config);
}
/// <summary>
/// Returns the collection of settings property values for the specified application instance and settings property group.
/// </summary>
/// <param name="context">A System.Configuration.SettingsContext describing the current application use.</param>
/// <param name="collection">A System.Configuration.SettingsPropertyCollection containing the settings property group whose values are to be retrieved.</param>
/// <returns>A System.Configuration.SettingsPropertyValueCollection containing the values for the specified settings property group.</returns>
public override SettingsPropertyValueCollection GetPropertyValues(SettingsContext context, SettingsPropertyCollection collection)
{
string username = (string)context["UserName"];
bool isAuthenticated = (bool)context["IsAuthenticated"];
//if (!isAuthenticated) return null;
int uniqueID = dal.GetUniqueID(username, isAuthenticated, false, ApplicationName);
SettingsPropertyValueCollection svc = new SettingsPropertyValueCollection();
foreach (SettingsProperty prop in collection)
{
SettingsPropertyValue pv = new SettingsPropertyValue(prop);
switch (pv.Property.Name)
{
case PROFILE_USER:
if (!String.IsNullOrEmpty(username))
{
pv.PropertyValue = GetUser(uniqueID);
}
break;
default:
throw new ApplicationException(ERR_INVALID_PARAMETER + " name.");
}
svc.Add(pv);
}
return svc;
}
/// <summary>
/// Sets the values of the specified group of property settings.
/// </summary>
/// <param name="context">A System.Configuration.SettingsContext describing the current application usage.</param>
/// <param name="collection">A System.Configuration.SettingsPropertyValueCollection representing the group of property settings to set.</param>
public override void SetPropertyValues(SettingsContext context, SettingsPropertyValueCollection collection)
{
string username = (string)context["UserName"];
CheckUserName(username);
bool isAuthenticated = (bool)context["IsAuthenticated"];
int uniqueID = dal.GetUniqueID(username, isAuthenticated, false, ApplicationName);
if (uniqueID == 0)
{
uniqueID = dal.CreateProfileForUser(username, isAuthenticated, ApplicationName);
}
foreach (SettingsPropertyValue pv in collection)
{
if (pv.PropertyValue != null)
{
switch (pv.Property.Name)
{
case PROFILE_USER:
SetUser(uniqueID, (UserInfo)pv.PropertyValue);
break;
default:
throw new ApplicationException(ERR_INVALID_PARAMETER + " name.");
}
}
}
UpdateActivityDates(username, false);
}
// Profile gettters
// Retrieve UserInfo
private static UserInfo GetUser(int userID)
{
return dal.GetUser(userID);
}
// Update account info
private static void SetUser(int uniqueID, UserInfo user)
{
user.UserID = uniqueID;
dal.SetUser(user);
}
// UpdateActivityDates
// Updates the LastActivityDate and LastUpdatedDate values
// when profile properties are accessed by the
// GetPropertyValues and SetPropertyValues methods.
// Passing true as the activityOnly parameter will update
// only the LastActivityDate.
private static void UpdateActivityDates(string username, bool activityOnly)
{
dal.UpdateActivityDates(username, activityOnly, applicationName);
}
/// <summary>
/// Deletes profile properties and information for the supplied list of profiles.
/// </summary>
/// <param name="profiles">A System.Web.Profile.ProfileInfoCollection of information about profiles that are to be deleted.</param>
/// <returns>The number of profiles deleted from the data source.</returns>
public override int DeleteProfiles(ProfileInfoCollection profiles)
{
int deleteCount = 0;
foreach (ProfileInfo p in profiles)
if (DeleteProfile(p.UserName))
deleteCount++;
return deleteCount;
}
/// <summary>
/// Deletes profile properties and information for profiles that match the supplied list of user names.
/// </summary>
/// <param name="usernames">A string array of user names for profiles to be deleted.</param>
/// <returns>The number of profiles deleted from the data source.</returns>
public override int DeleteProfiles(string[] usernames)
{
int deleteCount = 0;
foreach (string user in usernames)
if (DeleteProfile(user))
deleteCount++;
return deleteCount;
}
// DeleteProfile
// Deletes profile data from the database for the specified user name.
private static bool DeleteProfile(string username)
{
CheckUserName(username);
return dal.DeleteAnonymousProfile(username, applicationName);
}
// Verifies user name for sise and comma
private static void CheckUserName(string userName)
{
if (string.IsNullOrEmpty(userName) || userName.Length > 256 || userName.IndexOf(",") > 0)
throw new ApplicationException(ERR_INVALID_PARAMETER + " user name.");
}
/// <summary>
/// Deletes all user-profile data for profiles in which the last activity date occurred before the specified date.
/// </summary>
/// <param name="authenticationOption">One of the System.Web.Profile.ProfileAuthenticationOption values, specifying whether anonymous, authenticated, or both types of profiles are deleted.</param>
/// <param name="userInactiveSinceDate">A System.DateTime that identifies which user profiles are considered inactive. If the System.Web.Profile.ProfileInfo.LastActivityDate value of a user profile occurs on or before this date and time, the profile is considered inactive.</param>
/// <returns>The number of profiles deleted from the data source.</returns>
public override int DeleteInactiveProfiles(ProfileAuthenticationOption authenticationOption, DateTime userInactiveSinceDate)
{
string[] userArray = new string[0];
dal.GetInactiveProfiles((int)authenticationOption, userInactiveSinceDate, ApplicationName).CopyTo(userArray, 0);
return DeleteProfiles(userArray);
}
/// <summary>
/// Retrieves profile information for profiles in which the user name matches the specified user names.
/// </summary>
/// <param name="authenticationOption">One of the System.Web.Profile.ProfileAuthenticationOption values, specifying whether anonymous, authenticated, or both types of profiles are returned.</param>
/// <param name="usernameToMatch">The user name to search for.</param>
/// <param name="pageIndex">The index of the page of results to return.</param>
/// <param name="pageSize">The size of the page of results to return.</param>
/// <param name="totalRecords">When this method returns, contains the total number of profiles.</param>
/// <returns>A System.Web.Profile.ProfileInfoCollection containing user-profile information
// for profiles where the user name matches the supplied usernameToMatch parameter.</returns>
public override ProfileInfoCollection FindProfilesByUserName(ProfileAuthenticationOption authenticationOption, string usernameToMatch, int pageIndex, int pageSize, out int totalRecords)
{
CheckParameters(pageIndex, pageSize);
return GetProfileInfo(authenticationOption, usernameToMatch, null, pageIndex, pageSize, out totalRecords);
}
/// <summary>
/// Retrieves profile information for profiles in which the last activity date occurred on or before the specified date and the user name matches the specified user name.
/// </summary>
/// <param name="authenticationOption">One of the System.Web.Profile.ProfileAuthenticationOption values, specifying whether anonymous, authenticated, or both types of profiles are returned.</param>
/// <param name="usernameToMatch">The user name to search for.</param>
/// <param name="userInactiveSinceDate">A System.DateTime that identifies which user profiles are considered inactive. If the System.Web.Profile.ProfileInfo.LastActivityDate value of a user profile occurs on or before this date and time, the profile is considered inactive.</param>
/// <param name="pageIndex">The index of the page of results to return.</param>
/// <param name="pageSize">The size of the page of results to return.</param>
/// <param name="totalRecords">When this method returns, contains the total number of profiles.</param>
/// <returns>A System.Web.Profile.ProfileInfoCollection containing user profile information for inactive profiles where the user name matches the supplied usernameToMatch parameter.</returns>
public override ProfileInfoCollection FindInactiveProfilesByUserName(ProfileAuthenticationOption authenticationOption, string usernameToMatch, DateTime userInactiveSinceDate, int pageIndex, int pageSize, out int totalRecords)
{
CheckParameters(pageIndex, pageSize);
return GetProfileInfo(authenticationOption, usernameToMatch, userInactiveSinceDate, pageIndex, pageSize, out totalRecords);
}
/// <summary>
/// Retrieves user profile data for all profiles in the data source.
/// </summary>
/// <param name="authenticationOption">One of the System.Web.Profile.ProfileAuthenticationOption values, specifying whether anonymous, authenticated, or both types of profiles are returned.</param>
/// <param name="pageIndex">The index of the page of results to return.</param>
/// <param name="pageSize">The size of the page of results to return.</param>
/// <param name="totalRecords">When this method returns, contains the total number of profiles.</param>
/// <returns>A System.Web.Profile.ProfileInfoCollection containing user-profile information for all profiles in the data source.</returns>
public override ProfileInfoCollection GetAllProfiles(ProfileAuthenticationOption authenticationOption, int pageIndex, int pageSize, out int totalRecords)
{
CheckParameters(pageIndex, pageSize);
return GetProfileInfo(authenticationOption, null, null, pageIndex, pageSize, out totalRecords);
}
/// <summary>
/// Retrieves user-profile data from the data source for profiles in which the last activity date occurred on or before the specified date.
/// </summary>
/// <param name="authenticationOption">One of the System.Web.Profile.ProfileAuthenticationOption values, specifying whether anonymous, authenticated, or both types of profiles are returned.</param>
/// <param name="userInactiveSinceDate">A System.DateTime that identifies which user profiles are considered inactive. If the System.Web.Profile.ProfileInfo.LastActivityDate of a user profile occurs on or before this date and time, the profile is considered inactive.</param>
/// <param name="pageIndex">The index of the page of results to return.</param>
/// <param name="pageSize">The size of the page of results to return.</param>
/// <param name="totalRecords">When this method returns, contains the total number of profiles.</param>
/// <returns>A System.Web.Profile.ProfileInfoCollection containing user-profile information about the inactive profiles.</returns>
public override ProfileInfoCollection GetAllInactiveProfiles(ProfileAuthenticationOption authenticationOption, DateTime userInactiveSinceDate, int pageIndex, int pageSize, out int totalRecords)
{
CheckParameters(pageIndex, pageSize);
return GetProfileInfo(authenticationOption, null, userInactiveSinceDate, pageIndex, pageSize, out totalRecords);
}
/// <summary>
/// Returns the number of profiles in which the last activity date occurred on or before the specified date.
/// </summary>
/// <param name="authenticationOption">One of the System.Web.Profile.ProfileAuthenticationOption values, specifying whether anonymous, authenticated, or both types of profiles are returned.</param>
/// <param name="userInactiveSinceDate">A System.DateTime that identifies which user profiles are considered inactive. If the System.Web.Profile.ProfileInfo.LastActivityDate of a user profile occurs on or before this date and time, the profile is considered inactive.</param>
/// <returns>The number of profiles in which the last activity date occurred on or before the specified date.</returns>
public override int GetNumberOfInactiveProfiles(ProfileAuthenticationOption authenticationOption, DateTime userInactiveSinceDate)
{
int inactiveProfiles = 0;
ProfileInfoCollection profiles = GetProfileInfo(authenticationOption, null, userInactiveSinceDate, 0, 0, out inactiveProfiles);
return inactiveProfiles;
}
//Verifies input parameters for page size and page index.
private static void CheckParameters(int pageIndex, int pageSize)
{
if (pageIndex < 1 || pageSize < 1)
throw new ApplicationException(ERR_INVALID_PARAMETER + " page index.");
}
//GetProfileInfo
//Retrieves a count of profiles and creates a
//ProfileInfoCollection from the profile data in the
//database. Called by GetAllProfiles, GetAllInactiveProfiles,
//FindProfilesByUserName, FindInactiveProfilesByUserName,
//and GetNumberOfInactiveProfiles.
//Specifying a pageIndex of 0 retrieves a count of the results only.
private static ProfileInfoCollection GetProfileInfo(ProfileAuthenticationOption authenticationOption, string usernameToMatch, object userInactiveSinceDate, int pageIndex, int pageSize, out int totalRecords)
{
ProfileInfoCollection profiles = new ProfileInfoCollection();
totalRecords = 0;
// Count profiles only.
if (pageSize == 0)
return profiles;
int counter = 0;
int startIndex = pageSize * (pageIndex - 1);
int endIndex = startIndex + pageSize - 1;
DateTime dt = new DateTime(1900, 1, 1);
if (userInactiveSinceDate != null)
dt = (DateTime)userInactiveSinceDate;
/*
foreach(CustomProfileInfo profile in dal.GetProfileInfo((int)authenticationOption, usernameToMatch, dt, applicationName, out totalRecords)) {
if(counter >= startIndex) {
ProfileInfo p = new ProfileInfo(profile.UserName, profile.IsAnonymous, profile.LastActivityDate, profile.LastUpdatedDate, 0);
profiles.Add(p);
}
if(counter >= endIndex) {
break;
}
counter++;
}
*/
return profiles;
}
}
}
Así es como yo lo uso en el controlador:
public ActionResult AddTyreToCart(CartViewModel model)
{
string profile = Request.IsAuthenticated ? Request.AnonymousID : User.Identity.Name;
}
Me gustaría debug:¿Cómo pueden los 2 usuarios que proporcionan diferentes cookies obtener el mismo profileid?
EDITAR
Aquí está el código para getuniqueid
public int GetUniqueID(string userName, bool isAuthenticated, bool ignoreAuthenticationType, string appName)
{
SqlParameter[] parms = {
new SqlParameter("@Username", SqlDbType.VarChar, 256),
new SqlParameter("@ApplicationName", SqlDbType.VarChar, 256)};
parms[0].Value = userName;
parms[1].Value = appName;
if (!ignoreAuthenticationType)
{
Array.Resize(ref parms, parms.Length + 1);
parms[2] = new SqlParameter("@IsAnonymous", SqlDbType.Bit) { Value = !isAuthenticated };
}
int userID;
object retVal = null;
retVal = SqlHelper.ExecuteScalar(ConfigurationManager.ConnectionStrings["SQLOrderB2CConnString"].ConnectionString, CommandType.StoredProcedure, "getProfileUniqueID", parms);
if (retVal == null)
userID = CreateProfileForUser(userName, isAuthenticated, appName);
else
userID = Convert.ToInt32(retVal);
return userID;
}
Y este es el SP:
CREATE PROCEDURE [dbo].[getProfileUniqueID]
@Username VarChar( 256),
@ApplicationName VarChar( 256),
@IsAnonymous bit = null
AS
BEGIN
SET NOCOUNT ON;
/*
[getProfileUniqueID]
created
08.07.2009 mf
Retrive unique id for current user
*/
SELECT UniqueID FROM dbo.Profiles WHERE Username = @Username
AND ApplicationName = @ApplicationName
AND IsAnonymous = @IsAnonymous or @IsAnonymous = null
END
No hay solución correcta
Otros consejos
No he mirado esto en profundidad, pero una cosa sí saltan a mí.
En su cláusula donde el cambio
@IsAnonymous = null
a
@IsAnonymous IS NULL
¿Qué quieres que ocurra cuando @IsAnonymous es nulo? Es posible que necesite añadir algunos paréntesis para la cláusula where.
SELECT UniqueID FROM dbo.Profiles
WHERE Username = @Username
AND ApplicationName = @ApplicationName
AND (IsAnonymous = @IsAnonymous OR @IsAnonymous IS NULL)
¿Usted dos usuarios que recibieron los mismos datos del perfil? Si es así empezar por ahí. Yo corría a través del procedimiento almacenado en primer lugar. Sería fácil y rápido de hacer.
Este es un tipo muy difícil de emisión para solucionar problemas. Hemos tenido un problema similar en una aplicación ASP.NET (no MVC). Yo sugeriría que se puede comenzar por establecer una cookie separada para identificar al usuario, evitando completamente el sistema de perfiles de ASP.NET. A continuación, puede comprobar si la identidad de esa cookie coincide con la identidad en el perfil. Si no lo hace, entonces puede 1) la sesión del usuario por lo que al menos ellos no tienen acceso a los datos y 2 de otra persona) se reúnen alguna información de diagnóstico - los detalles completos de solicitud HTTP sería un buen comienzo. Si eso no establece ningún tipo de patrón se podría iniciar el registro de todas las solicitudes HTTP por el usuario para ver si hay un patrón en su historia petición que le ayudará a reproducir el problema.
En nuestro caso el problema terminó siendo un mecanismo de almacenamiento en caché de cosecha propia tonta. La aplicación trataría de caché archivos estáticos (por ejemplo. Imágenes) en ASP.NET y galletas quedó en caché con ellos. Bajo carga pesada a veces un usuario cargar una imagen con las cookies de otro usuario y asumir la identidad de otro usuario. Su caso puede ser completamente diferente, pero esto podría darle alguna pista del tipo de cosas para tener en cuenta.
Las fuentes mencionadas parecen estar bien, pero no puedo hacer una profunda declaración sin haveing todos el correspondiente código fuente (por ejemplo.todos los métodos de la clase B2CShop.DAL.UserRepository), tal vez incluso el esquema de base de datos.
Primero sería comprobar si tal vez los datos en la base de datos está dañada, por tanto, decir que el usuario puede, literalmente, el mismo identificador único o el mismo nombre de usuario/aplicación/isanonymous combinación.Esto puede ser excluida si uniqueid es una clave principal.
Siempre que este tipo de problema suceden ... He visto que los siguientes son las causas ...
- Cache
- Las variables estáticas
Se puede tratar de escribir el código sin variables estáticas y comprobar si el problema se resuelve?
Saludos, Rahul
Licenciado bajo: CC-BY-SA con atribución
No afiliado a StackOverflow
