What is an anonymous username supposed to look like in a ProviderInfo object?

Question

Per Microsoft's ProfileInfo definition http://msdn.microsoft.com/en-us/library/system.web.profile.profileinfo.aspx, an unauthenticated profileinfo object has a username; naturally this must be keyed off of to persist/ reference profile information in a given session (I am assuming it is session-based). I'm guessing this is some guid or something, but I don't see where this is defined, created, tracked, etc. Can someone point me in the right direction?

Answer 1

Well... The question interested me so I've decided to do some research.

A bit of digging in documentation lead me first to Implementing a Profile Provider MSDN article, where I've found the following:

GetPropertyValues method

Takes as input a SettingsContext and a SettingsPropertyCollection object.

The SettingsContext provides information about the user. You can use the information as a primary key to retrieve profile property information for the user. Use the SettingsContext object to get the user name and whether the user is authenticated or anonymous. ...

So, the determination of whether user is authenticated or not is generally done on higher level. Anyway, I took a look at code of Microsoft's default SqlProfileProvider implementation (namely, GetPropertyValues method implementation) and found out that it calls method private void GetPropertyValuesFromDatabase(string userName, SettingsPropertyValueCollection svc) which actually has the following code:

HttpContext context = HttpContext.Current;
...
string sName = null;

if (context != null) 
    sName = (context.Request.IsAuthenticated ? context.User.Identity.Name : context.Request.AnonymousID);

So, if we have a non-authenticated request then a user id is taken from HttpContext.Current.Request.AnonymousID property. Searching through MSDN for this property has revealed the following page: HttpRequest.AnonymousID property (System.Web). Although it still does not describe exact algorithm of generating this ID, but it provides information on how you can override this default algorithm if you want. All you need is to overload public void AnonymousIdentification_Creating(Object sender, AnonymousIdentificationEventArgs e) method in your web application. Also this page provides some information on how AnonymousID is persisted between calls (by default it's stored in .ASPXANONYMOUS cookie).

Example code:

void Application_Start(Object sender, EventArgs e)
    {
        // Initialize user count property
        Application["UserCount"] = 0;
    }

public void AnonymousIdentification_Creating(Object sender, AnonymousIdentificationEventArgs e)
    {
    // Change the anonymous id
    e.AnonymousID = "mysite.com_Anonymous_User_" + DateTime.Now.Ticks;

    // Increment count of unique anonymous users
    Application["UserCount"] = Int32.Parse(Application["UserCount"].ToString()) + 1;
}

Summary: I have not been able to answer your original question on HOW this ID is created by default but I think that last code snippet will be enough for you to override this with any algorithm you want.