Hi,
I've got an ASP.NET webserver with IIS 7.
My authentication code (forms authentication) is as follows on the login page:
var isAuthenticated = Membership.ValidateUser(usernameTextBox.Text, passwordTextBox.Text);
if (isAuthenticated)
{
FormsAuthentication.RedirectFromLoginPage(usernameTextBox.Text, true);
}
else
{
var customValidator = new CustomValidator();
customValidator.IsValid = false;
customValidator.ErrorMessage = GetLocalResourceObject("LoginFailed.ErrorMessage").ToString();
customValidator.ValidationGroup = "AllValidators";
Page.Validators.Add(customValidator);
}
And on another page I display the username:
if (HttpContext.Current.User.Identity != null &&
!string.IsNullOrEmpty(HttpContext.Current.User.Identity.Name))
{
string authenticatedUsername = HttpContext.Current.User.Identity.Name;
return "authenticatedUsername=" + authenticatedUsername;
}
else
{
return null;
}
My issue is that if me and one of my colleagues login at the same time with different login names (and different accounts), the accounts are set OK (we see different items) but one of the names is set to the other logged in user.
So if I login with username foo and my colleague with username bar, we will both be logged in with our respective accounts but either I will see the user name bar or he will see my username foo on the page.
I've seen some other accounts of strange behaviour of the ASP.NET authentication and they claimed it was fixed by disabling the output cache feature. It didn't work for me.
Any help appreciated, I've got no idea how to track the issue.