I have been trying to implement many of the new Membership features in 2.0, and I can't seem to get Membership.GetUser() to return anything but null. I have added a Login control to the page, and written a custom MembershipProvider, whose validateUser method gets called correctly. The user seems to be logged in (as evidenced by the LoginView and LoginName showing correctly at the top of all screens), but anytime I try to get Membership.GetUser(), it returns null.

I've also tried calling other versions of GetUser() with boolean and string arguments, but no luck. Shouldn't Membership.GetUser() at least call the overridden version of this function in my custom provider? Also, why are there 6 forms of Membership.GetUser() but only 2 forms of it in MembershipProvider()?

I have the same problem that has come up after migrating from Beta 2 to the final release version.

The line

order.UserID = Membership.GetUser().ProviderUserKey;

throws a null reference exception. The thing is that "Membership.GetUser()" returns null only if an anonymous user is accessing the page. If an existing user has logged in, that same line works. Why doesn't this work for anonymous users anymore??? It seems it isn't creating a UserID or even a User Object for anonymous users anymore. I have anonymousIdentification enabled, "true" in web.config. So that can't be it. I would appreciate any hints as I've been trying to solve this for 4 days now and nothing seems to work.

I'm having the exact same problem.  Strange thing with mine is, it works great on my local machine but when I upload to my public server (hosting with GoDaddy.com), then Membership.GetUser() always returns null.  However, my login page works fine (i.e., it fails to log me in if I give a wrong user/pass, and succeeds when credentials are given correctly) and also my create user control creates the user account just fine.  I am using a custom provider but, as I said, it works great on my local machine.  Something strange is happening when I deploy to the GoDaddy servers.

Also, when I'm logged in, all of my login/logout controls show as "Login" instead of "Logout" like they should.  So, to the Membership framework, it appears that no-one is logged in.

Could someone give some insight into how the MembershipUser session variable is instantiated and maintained?  This might help to troubleshoot why it's not getting set properly.

-- Scott

Let me try to tackle the questions you've both raised.  TangyZizzle, I'll be addressing your questions in this post as well.

1.  Membership.GetUser() will only work for an authenticated user.  Otherwise, it's going to return null.  To verify you're dealing with an authenticated request call "User.Identity.IsAuthenticated" on the page.  If you've got an authenticated request, but Membership.GetUser() is still returning null, then that means the username associated with the authenticated user can't be found in the Membership datasource.  Verify the username of the authenticated user with "User.Identity.Name".

2.  If you're calling one of the Membership.GetUser() overloads which takes the username and it's returning null, then that user doesn't exist in the Membership datasource (or we've got a bug).  One way to easily verify this is to try a Membership.CreateUser() with the same username.  If this doesn't throw an error because of a duplicate user, then you know the user never existed in the first place.

3.  Membership.GetUser() should have never worked for an anonymous user.  No support was built into Membership for handling this case.

Hope this helps. 

Thanks,
Mark

This posting is provided "AS IS" with no warranties, and confers no rights.

Hi Mark,

Thanks for your input.  In fact, you're right -- User.Identity.IsAuthenticated is returning false.  However, this occurs after I've succesfully completed a login action.  Any clue as to why the application would consider the access to be anonymous rather than authenticated?

-- Scott

Just to provide a couple of additional pieces of information (and to keep this thread alive), the scenario I'm dealing with is one where the user has successfully logged into the site, yet User.Identity.IsAuthenticated still returns false afterwards.

Also, the bindings to my custom membership provider seem to be working fine, as I'm able to create new users (and, once created, it doesn't allow the same username to be used again) and the authentication seems to work fine, because it will reject a bad password and only redirect away from the login page once a correct user/pass is supplied.

Given these conditions, what are some possibe reasons that IsAuthenticated would still return false?

My guess is that an authetication ticket isn't being generated on a successfull login.

Any chance you still have the authentication mode set to Windows in your site's web.config?  If so, switch it to Forms.

<authentication mode="Forms" />

I believe you could also cause the ticket to be issued by denying anonymous access to your web site.

<authorization>
   <deny users="?"/>
</authorization>

Hope this helps,
Mark

Hi Mark,

Thanks for you reponse!

I do have authentication set to "Forms".  Here's a snippet from my web.config:

    <authentication mode="Forms">
      <forms loginUrl="default.aspx"
           protection="All"
           timeout="30"
           name="MySiteCookie"
           path="/MySite"
           requireSSL="false"
           slidingExpiration="true"
           defaultUrl="default.aspx"
           cookieless="UseCookies"
           enableCrossAppRedirects="false"/>
    </authentication>

However, because I have a "register.aspx" page that I do NOT want secured, I have the following setting for the root application path:

    <authorization>
      <allow users="*" />
      <allow users="?" />
    </authorization>

I have the following additional setting, so that all pages under the "http://blabla/secure" web path will be authenticated:

  <location path="secure">
    <system.web>
      <authorization>
        <deny users="?" />
      </authorization>
    </system.web>
  </location>

So, I have two pages at the root of my web site, default.aspx (my login page) and register.aspx for creating new user accounts.  Everything else is under the "secure/" path and requires authentication.

Perhaps the non-authenticated root settings are somehow over-riding my local "secure/" settings on GoDaddy's servers?  As I mentioned in a previous post, this setup works fine on my local dev machine.

Additionally, perhaps there's a better approach I should be taking to securing some pages, but not others?  Really, all I want as unsecured are the two login and register pages.

-- Scott

Please if anyone solved this problem do share your results!

I'm just starting with .NET and this is driving me crazy. It just doesn't work as specified by the docs... or most probably I'm missing something!

 

Thx in advance

I just downloaded some sample project. ProfileSample that I found somewhere. sorry cannot remember.

The thing is that inside this code (Project)  Membership.GetUser() works just fine.

I opened the project (ProfileSample) and added the line Membership.GetUser()  in some places and it worked fine (did return theright value not null).

I realy couldn't figureout what the problem is. My webconfig looks exactly like  ProfileSample's webconfig. Is there some other place where there's some configuration to set or something.What may make Membership.GetUser()  return null sometimes (after a user has successfully loged in of course).

I'm lost here!

pleaseanyone help.

Still stuck.

I tried to use profiles, and save some profile manually (myProfile.save())..etc

I couldn't find a solution. Membership.GetUser() returns null all the time. No matter what!

Also, User.Identity.Name;  is empty as well ( I mean even after successful authentication).

As mentioned earlier, on my very system I downloaded another app (mentioned above) and on this one app User.Identity.Name; returns the right user name and Membership.GetUser()  doesn't return null but the expected User object ...

Please someone help I'm getting desesperate!!! 

 

Hello,

It's working for me now! Here what I did. I added :

DisableCreatedUser="false"

I'm not sure that was solved my problem, I hope it helped someone.

Cheers, Alph.

PS: I added the above to the asp:CreateUserWizard  control. (source view).

Hello people :(

Well, I'm no longer sure it works... actually it does take some time for Membership.GetUser() to work correctly. I have to click here and there than comeback to the page where I check whether  the successfuly logged-in User is "recognized" as such. So it is only after few clicks that Membership.GetUser() returns the right value (and no longer this bloody null value).

Hope someone can figure it out.

Pleaaaaasssssssseeee

Eureka!  I think I've figured out what my problem was.  In the end, my web app was not actually denying access (and hence, was in anonymous mode rather than authenticated).

Specifically, in my web.config snippets above, where I set the local config for the "secure/" sub-section of my sebsite, this was incorrect.  It was correct on my local machine, but on my public server the web app is actually sitting in a folder called "prototype" under the web root.  So, that setting had to be changed to "prototype/secure/" and it started working.

Alphonso, my guess is that your problem will also turn out to be something related to your configuration. 

-- Scott

I  have issued the same problem,

I think in LoggedIn event the httpcontext doesn't refresh itself  because you cannot get the user identity calling by membership.getuser() or httpcontext.current.user.identity.name or system.security.threading.thread.currentprincipal.identity.name all these return null however when you are passed into destination page you can get the user information.

there is a problem with the logged in event while refreshing user httpcontext...