This kind of behavior happens with agressive server side output caching or when using static
data shared accross all users (a static method or property returning user or request scoped data is ok).
You are using System.Web.HttpContext.Current.User.Identity.Name (in a view it should be exposed as Context.User.Identity.Name) or could it be that you are porting to ASP.NET Core and tried to implement a custom replacement for that?
CS1061: 'HttpContextBase' does not contain a definition for 'Current' and no accessible extension method 'Current' accepting a first argument of type 'HttpContextBase' could be found (are you missing a using directive or an assembly reference?)
This MVC app working only th browser Google Chrome (company standard)...
For now I'm trying to understand what happens. Those built in methods are returning the correct user ie the authenticated user for the http request that is currently processed by your code and they work fine out of the box.
So for now I would see:
- you are using your own HttpContext.Current.User.Identity.Name. I see that sometimes when porting from ASP.NET 4.x to ASP.NET Core. if not implemented correctly it could cause this
- else if you are using server side output cache, the content cached for a user could be reused for another user causing the wrong name to be shown
- the common cause is using static data (ie having a single value for all users) but it doesn't seems the case here (unless this is actually your own custom implementation)
If using really ASP.NET 4.x and the build in System.Web.HttpContext.Current.User.Identity.Name (it is exposed as shortcurt in web forms, controlers, views, razor pages) it always worked fine for me out of the box and never heard about a problem on that from
others so more likely something wrong was done.
This is an attempt to solve your issue or you configured a cache and this particular action is not supposed to be cached at all? If you configured cachiing options try perhaps to disable them all for now and see what happens?
Also my very first move would be to show a date/time next to the user name to be 100% sure if it looks like a caching issue or if this is really some unexpected behavior in the user name.
Beyond that I'm don't see how I could make that to happen with the correct built-in http context access methods. ah BTW which authentication method do you use? If this is a custom principal it could be coding error (maybe with static data) causing the last
created custom principal being used for all users ???
Member
63 Points
129 Posts
ASP NET MVC last logged in user always replaces the previous logged in user
Jan 22, 2021 10:51 AM|Golia|LINK
Hi,
I have an ASP NET MVC app.
On this ASP NET MVC app getting the current user with
Welcome <strong>@HttpContext.Current.User.Identity.Name</strong>But I have verified that the last logged in user always replaces the previous logged in user
e.g.
the user
Fooconnects at hours 11:35 and on theViewof app, I see on the browserthe user
Foo2connects at hours 11:45 from other devices and on theViewof app, I see on my browserThe user
Fooreplaced on the app userFoo2...If restart browser I see always
How do fix this?
What is wrong?
Thanks
All-Star
48490 Points
18071 Posts
Re: ASP NET MVC last logged in user always replaces the previous logged in user
Jan 22, 2021 12:15 PM|PatriceSc|LINK
Hi,
This kind of behavior happens with agressive server side output caching or when using static data shared accross all users (a static method or property returning user or request scoped data is ok).
You are using System.Web.HttpContext.Current.User.Identity.Name (in a view it should be exposed as Context.User.Identity.Name) or could it be that you are porting to ASP.NET Core and tried to implement a custom replacement for that?
Member
63 Points
129 Posts
Re: ASP NET MVC last logged in user always replaces the previous logged in user
Jan 22, 2021 01:59 PM|Golia|LINK
Thanks for reply.
If change in the View (index.cshtml) from
to
I have this error
This MVC app working only th browser Google Chrome (company standard)...
How can I avoid user replacement?
All-Star
48490 Points
18071 Posts
Re: ASP NET MVC last logged in user always replaces the previous logged in user
Jan 22, 2021 02:41 PM|PatriceSc|LINK
This is:
For now I'm trying to understand what happens. Those built in methods are returning the correct user ie the authenticated user for the http request that is currently processed by your code and they work fine out of the box.
So for now I would see:
- you are using your own HttpContext.Current.User.Identity.Name. I see that sometimes when porting from ASP.NET 4.x to ASP.NET Core. if not implemented correctly it could cause this
- else if you are using server side output cache, the content cached for a user could be reused for another user causing the wrong name to be shown
- the common cause is using static data (ie having a single value for all users) but it doesn't seems the case here (unless this is actually your own custom implementation)
If using really ASP.NET 4.x and the build in System.Web.HttpContext.Current.User.Identity.Name (it is exposed as shortcurt in web forms, controlers, views, razor pages) it always worked fine for me out of the box and never heard about a problem on that from others so more likely something wrong was done.
Member
63 Points
129 Posts
Re: ASP NET MVC last logged in user always replaces the previous logged in user
Jan 22, 2021 02:52 PM|Golia|LINK
In my case it's not about porting from ASP.NET 4.x to ASP.NET Core
On controller.cs I have
public class NoCache : ActionFilterAttribute { public override void OnResultExecuting(ResultExecutingContext filterContext) { filterContext.HttpContext.Response.Cache.SetExpires(DateTime.UtcNow.AddDays(-1)); filterContext.HttpContext.Response.Cache.SetValidUntilExpires(false); filterContext.HttpContext.Response.Cache.SetRevalidation(HttpCacheRevalidation.AllCaches); filterContext.HttpContext.Response.Cache.SetCacheability(HttpCacheability.NoCache); filterContext.HttpContext.Response.Cache.SetNoStore(); base.OnResultExecuting(filterContext); } }On global.asax
protected void Application_PostAuthorizeRequest() { HttpContext.Current.SetSessionStateBehavior(System.Web.SessionState.SessionStateBehavior.Required); }All-Star
48490 Points
18071 Posts
Re: ASP NET MVC last logged in user always replaces the previous logged in user
Jan 22, 2021 03:36 PM|PatriceSc|LINK
This is an attempt to solve your issue or you configured a cache and this particular action is not supposed to be cached at all? If you configured cachiing options try perhaps to disable them all for now and see what happens?
Also my very first move would be to show a date/time next to the user name to be 100% sure if it looks like a caching issue or if this is really some unexpected behavior in the user name.
Beyond that I'm don't see how I could make that to happen with the correct built-in http context access methods. ah BTW which authentication method do you use? If this is a custom principal it could be coding error (maybe with static data) causing the last created custom principal being used for all users ???
Member
63 Points
129 Posts
Re: ASP NET MVC last logged in user always replaces the previous logged in user
Jan 22, 2021 03:53 PM|Golia|LINK
Ok thank you.
I have tried using Google Chrome browser, using my pc, with
the return is
After I'm connected from mobile device using Internet Samsung browser and using user Domain\foo2
the return is
When refresh the browser on my pc and go and refresh on mobile device the return is
The user
Fooreplaced on the app userFoo2...All-Star
58144 Points
15646 Posts
Re: ASP NET MVC last logged in user always replaces the previous logged in user
Jan 22, 2021 04:56 PM|bruce (sqlwork.com)|LINK
as you did not show the values for both the pc & mobile refresh, did the times match? the whole point of the exercise
Member
63 Points
129 Posts
Re: ASP NET MVC last logged in user always replaces the previous logged in user
Jan 22, 2021 05:27 PM|Golia|LINK
I show the values of both the pc & mobile refresh...
First access from pc
First access from mobile device
Last access from pc after refresh
The user
foo2replaced on the app userfoo...First access from mobile device
First access from pc
Last access from mobile device after refresh
The user
fooreplaced on the app userfoo2...All-Star
58144 Points
15646 Posts
Re: ASP NET MVC last logged in user always replaces the previous logged in user
Jan 22, 2021 09:38 PM|bruce (sqlwork.com)|LINK
the timestamp shows the page is not cached. this implies a coding error where somewhere the user is stored in a static. if your view is really using:
@HttpContext.Current.User.Identity.Name<then your code to load the identity into the context is wrong. you don't show this code.