3

I have noticed that when the user is logged in the WebSecurity.CurrentUserID after a while will return -1, this will then return the user to the Login screen. In my login screen I have a partial which says 

if(User.Identy.IsAuthenticated){

   @Html.ActionLink("Dashboard", "Index", "Dashboard");
}

On debugging the issue the web security function is returning -1 however the User.Identity is showing as being authenticated. Why is there a difference and how can we get these to be the same?

Thanks Craig

CR41G14
  • 5,464
  • 5
  • 43
  • 64

2 Answers2

0

The WebSecurity.CurrentUserId property is read only. It cannot be changed by code. The property is used to identify the user in the WebSecurity database, both in the user profile table and in the membership table. If you do not have either one of these tables configured within your web application you will be returned -1.

Assuming you have configured SimpleMembershipProvider Within your database should have tables that start with the name aspnet_ or webpages_ (assuming you have not renamed them). This is where WebSecurity is checking for values. Also be sure you are using the methods associated with SimpleMembershipProvider.

Check out this article

Hopefully this helps! If not I will definitely be open to further assisting you!

Drisan James
  • 146
  • 9
  • yes I have all these set up and yes understand the complexities behind the static function. This property does return the current logged in user but after some inactivity this will return -1 and log the user out however I noticed that User.Identity assumes the person is still logged in. – CR41G14 Sep 18 '13 at 15:40
  • It seems that perhaps you possibly removed the tag from your web.config and this means that you are allowing anyone anonymous. Therefore User.Identity is always going to return true. Try adding let me know if this helps! – Drisan James Sep 18 '13 at 19:16
0

I came across this problem too. It appears to be related to your MVC app being restarted (happens randomly). At this point session can sometimes disappear and simultaneously WebSecurity.CurrentUserId is set to -1 (makes me suspect that this value is stored in the session). However authentication is not based on the data that is kept in the session and the app still knows you are logged in. I believe that MVC notices this and recreates all the necessary cookies right away. However, those will still be unavailable during the first action after the app was restarted (same like with logging in).

A colleague of mine discovered, that this tends to happen when the app pool is restarted (rather than the app itself getting restarted). In his particular case it was caused by low memory limit for this app pool (but that should not be set by default, so typically memory limit won't be the cause of app pool getting restarted).

Community
  • 1
  • 1
jahu
  • 5,427
  • 3
  • 37
  • 64