Hello, I am having an issue that I can't seem to figure out. Hopefully somebody can point me in the right direction, or give me other ideas to look into. I won't provide much code now because honestly I don't think it's a coding issue.

First, I have an ASP.NET 3.5 web application. I am using ASP.NET Membership libraries for my authentication. The data lies in a SQL Server 2005 database.

My application enables a user to fill out a request that gets saved in the database. The page to fill out a request lies in a subfolder that contains the following web.config file (I want users to be authenticated before they fill out the request):

    <?xml version="1.0" encoding="utf-8"?>
    <configuration>
      <system.web>
        <authorization>
          <deny users="?" />
        </authorization>
      </system.web>
    </configuration>

A user is required to log on or create a new account to fill out a request. When they submit a request, they get an email verification that it was submitted. The recipient address of this email verification is collected using:

    Membership.GetUser().Email

So far this all seems fairly elementary and has worked without a hitch. However, I just received a few calls from our users of people who filled out the request and got the email, but the request could not be found in the system. I had them forward me the confirmation emails so I could view the recipient address and find the user in the ASP.NET Membership tables. However, I could not find the user based on the email, and I could find no trace of the Request in the database when I was given details on what they entered.

I have provided no method for users to delete their accounts or delete a request. There is no method to change an email address or edit pertinent data. The database is pretty locked down, with all queries being run through Stored Procedures.

Now, my question is, how in the heck is this possible? The user needs to be authenticated to fill out the request, and I have the confirmation email with the email address which I can't find in the system. The email address is gathered using the method mentioned above, which to me proves that this user had to exist in the database with the specified email address at one time.

I really have no clue where to proceed from here. Does anybody have any ideas on what to check? I would appreciate any advice as I am stumped, and I can provide any additional info if needed.

Thanks in advance!

A: 

If I had to guess without seeing the code that is part of the registration process I would say there is some error in saving the record to the database but not in sending the email. If both actions were wrapped in a transaction that might solve your problem, that way people wouldn't receive an email unless the record was saved to the DB and vice versa. Do you have any logging enabled that would show any errors saving to the DB?

Marcus King
Registering a new user is a separate process from filling out a request. A new user is added with Membership.CreateUser(EmailAddressTextBox.Text.Trim(), PasswordTextBox.Text, EmailAddressTextBox.Text.Trim());. I was trying to make the point that the user HAD to be existent if the email was sent because it was pulling the email address from the Membership tables.
Mike C.
And yes, I am logging all errors in the global.asax file, and there were not caught.
Mike C.
A: 

I posted the comment asking for code first, because without the code this will be hard to answer, but two possibilities come to mind. Either one would allow the email to be sent, but the data not being written to the database:

  1. (Not likely as it would be easy for you to spot and you'd have caught it by now) The code for sending the email is executed before saving to the database.

  2. (more likely) There is a flaw in the error handling that will allow the email to be sent even if the DB save is in error, such as:

    try
    {
        SaveToDo();
    }
    catch (Exception ex)
    {
        // something here
    }
    SendEmail();
    
David Stratton
Thanks for the reply. I was trying to make the point that the user HAD to be existent if the email was sent because it was pulling the email address from the Membership tables. Also, the email is sent after the database save, and if there was an exception thrown it would have been caught and logged in the global.asax file.
Mike C.
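
The swallowed-exception pattern from the answer above next to a corrected ordering, as an added example that is not part of the original thread. `RequestStore`, `SubmitSwallowing`, `SubmitChecked` and the in-memory outbox are hypothetical stand-ins for the application's data layer and mailer, and the save failure is constructed.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical in-memory stand-in for the request table (constructed for this example).
class RequestStore
{
    public bool FailSaves;
    public readonly List<string> Rows = new List<string>();
    public int Save(string details)
    {
        if (FailSaves) throw new InvalidOperationException("constructed save failure");
        Rows.Add(details);
        return Rows.Count; // id of the stored row
    }
}

static class Demo
{
    static readonly List<string> Outbox = new List<string>();
    static void SendEmail(string to, string body) { Outbox.Add(to + ": " + body); }

    // Pattern from the answer: the catch swallows the failure and the email still goes out.
    static void SubmitSwallowing(RequestStore store, string email, string details)
    {
        try { store.Save(details); }
        catch (Exception ex) { Console.Error.WriteLine("save failed: " + ex.Message); }
        SendEmail(email, "Your request was submitted.");
    }

    // Corrected ordering: the email is sent only after Save returned an id, and the
    // id is quoted in the message so a confirmation can be matched to a row later.
    static bool SubmitChecked(RequestStore store, string email, string details)
    {
        int id;
        try { id = store.Save(details); }
        catch (Exception ex) { Console.Error.WriteLine("save failed: " + ex.Message); return false; }
        SendEmail(email, "Your request #" + id + " was submitted.");
        return true;
    }

    static void Main()
    {
        var store = new RequestStore { FailSaves = true };
        SubmitSwallowing(store, "user@example.com", "constructed request");
        Console.WriteLine("swallowing: rows={0} emails={1}", store.Rows.Count, Outbox.Count);
        Outbox.Clear();
        bool ok = SubmitChecked(store, "user@example.com", "constructed request");
        Console.WriteLine("checked: ok={0} rows={1} emails={2}", ok, store.Rows.Count, Outbox.Count);
    }
}
```
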
A: 

Whew, problem solved. The staging address was provided to the end user by the customer and the data was in the staging database. Looks like all of my conspiracy theories about database integrity were false. :-)

Thanks for all the suggestions!

Mike C.