UniqueEmail problem

Discussion in 'ASP .Net Security' started by Papanii Okai, Jan 18, 2006.

  1. Papanii Okai

    Papanii Okai Guest

    Hi Guys,
    I have a problem which I cannot seem to fix. I have a
    registration page that requires users to fill in certain information. One of
    the fields required is "user-Email". In my code behind page (c#), I used one
    of the overloaded Membership.createUser() methods to create the user which
    populates my aspnet_Membership table in the aspnetdb database. The problem I
    am having is, if a user subscribes with an email address already in the
    profile database, it still creates the user. In my web-config file under the
    providers tag, I specify requiresUniqueEmail = "true". To be honest, I don't
    know where else to look. I get the expected results if a user tries to
    subscribe with an already existing username (I.e. user creation fails). I
    double checked the database to see if the emails where somewhat different
    but as I suspected, they where all the same. Any suggestions?

    --Papanii
     
    Papanii Okai, Jan 18, 2006
    #1
    1. Advertising

  2. Hi,

    requiresUniqueEmail only makes sure that there are no duplicate emails in
    the membership table.

    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    > Hi Guys,
    > I have a problem which I cannot seem to fix. I have a
    > registration page that requires users to fill in certain information.
    > One of
    > the fields required is "user-Email". In my code behind page (c#), I
    > used one of the overloaded Membership.createUser() methods to create
    > the user which populates my aspnet_Membership table in the aspnetdb
    > database. The problem I am having is, if a user subscribes with an
    > email address already in the profile database, it still creates the
    > user. In my web-config file under the providers tag, I specify
    > requiresUniqueEmail = "true". To be honest, I don't know where else to
    > look. I get the expected results if a user tries to subscribe with an
    > already existing username (I.e. user creation fails). I double checked
    > the database to see if the emails where somewhat different but as I
    > suspected, they where all the same. Any suggestions?
    >
    > --Papanii
    >
     
    Dominick Baier [DevelopMentor], Jan 18, 2006
    #2
    1. Advertising

  3. Papanii Okai

    Papanii Okai Guest

    Exactly,
    As you can see from my previous post, i stated that it populates
    the membership database. This shouldn't be happening. I have the necessary
    error checking (exceptions ) that will execute if any error occurs. What
    puszzles me is that the membership database is still being populated even
    though requiresUniqueEmail = "true".

    --Papanii

    "Dominick Baier [DevelopMentor]" <>
    wrote in message news:...
    > Hi,
    > requiresUniqueEmail only makes sure that there are no duplicate emails in
    > the membership table.
    >
    > ---------------------------------------
    > Dominick Baier - DevelopMentor
    > http://www.leastprivilege.com
    >
    >> Hi Guys,
    >> I have a problem which I cannot seem to fix. I have a
    >> registration page that requires users to fill in certain information.
    >> One of
    >> the fields required is "user-Email". In my code behind page (c#), I
    >> used one of the overloaded Membership.createUser() methods to create
    >> the user which populates my aspnet_Membership table in the aspnetdb
    >> database. The problem I am having is, if a user subscribes with an
    >> email address already in the profile database, it still creates the
    >> user. In my web-config file under the providers tag, I specify
    >> requiresUniqueEmail = "true". To be honest, I don't know where else to
    >> look. I get the expected results if a user tries to subscribe with an
    >> already existing username (I.e. user creation fails). I double checked
    >> the database to see if the emails where somewhat different but as I
    >> suspected, they where all the same. Any suggestions?
    >>
    >> --Papanii
    >>

    >
    >
     
    Papanii Okai, Jan 18, 2006
    #3
  4. Hi,

    maybe i misunderstood you - do you say he overwrites the user?

    have you hooked up a SQL Profiler to the aspnetdb to see what's going on?

    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    > Exactly,
    > As you can see from my previous post, i stated that it
    > populates
    > the membership database. This shouldn't be happening. I have the
    > necessary
    > error checking (exceptions ) that will execute if any error occurs.
    > What puszzles me is that the membership database is still being
    > populated even though requiresUniqueEmail = "true".
    >
    > --Papanii
    >
    > "Dominick Baier [DevelopMentor]"
    > <> wrote in message
    > news:...
    >
    >> Hi,
    >> requiresUniqueEmail only makes sure that there are no duplicate
    >> emails in
    >> the membership table.
    >> ---------------------------------------
    >> Dominick Baier - DevelopMentor
    >> http://www.leastprivilege.com
    >>> Hi Guys,
    >>> I have a problem which I cannot seem to fix. I have a
    >>> registration page that requires users to fill in certain
    >>> information.
    >>> One of
    >>> the fields required is "user-Email". In my code behind page (c#), I
    >>> used one of the overloaded Membership.createUser() methods to create
    >>> the user which populates my aspnet_Membership table in the aspnetdb
    >>> database. The problem I am having is, if a user subscribes with an
    >>> email address already in the profile database, it still creates the
    >>> user. In my web-config file under the providers tag, I specify
    >>> requiresUniqueEmail = "true". To be honest, I don't know where else
    >>> to
    >>> look. I get the expected results if a user tries to subscribe with
    >>> an
    >>> already existing username (I.e. user creation fails). I double
    >>> checked
    >>> the database to see if the emails where somewhat different but as I
    >>> suspected, they where all the same. Any suggestions?
    >>> --Papanii
    >>>
     
    Dominick Baier [DevelopMentor], Jan 18, 2006
    #4
  5. Papanii Okai

    Papanii Okai Guest

    No it doesn't overwrite the user.

    "Dominick Baier [DevelopMentor]" <>
    wrote in message news:...
    > Hi,
    > maybe i misunderstood you - do you say he overwrites the user?
    >
    > have you hooked up a SQL Profiler to the aspnetdb to see what's going on?
    >
    > ---------------------------------------
    > Dominick Baier - DevelopMentor
    > http://www.leastprivilege.com
    >
    >> Exactly,
    >> As you can see from my previous post, i stated that it
    >> populates
    >> the membership database. This shouldn't be happening. I have the
    >> necessary
    >> error checking (exceptions ) that will execute if any error occurs.
    >> What puszzles me is that the membership database is still being
    >> populated even though requiresUniqueEmail = "true".
    >>
    >> --Papanii
    >>
    >> "Dominick Baier [DevelopMentor]"
    >> <> wrote in message
    >> news:...
    >>
    >>> Hi,
    >>> requiresUniqueEmail only makes sure that there are no duplicate
    >>> emails in
    >>> the membership table.
    >>> ---------------------------------------
    >>> Dominick Baier - DevelopMentor
    >>> http://www.leastprivilege.com
    >>>> Hi Guys,
    >>>> I have a problem which I cannot seem to fix. I have a
    >>>> registration page that requires users to fill in certain
    >>>> information.
    >>>> One of
    >>>> the fields required is "user-Email". In my code behind page (c#), I
    >>>> used one of the overloaded Membership.createUser() methods to create
    >>>> the user which populates my aspnet_Membership table in the aspnetdb
    >>>> database. The problem I am having is, if a user subscribes with an
    >>>> email address already in the profile database, it still creates the
    >>>> user. In my web-config file under the providers tag, I specify
    >>>> requiresUniqueEmail = "true". To be honest, I don't know where else
    >>>> to
    >>>> look. I get the expected results if a user tries to subscribe with
    >>>> an
    >>>> already existing username (I.e. user creation fails). I double
    >>>> checked
    >>>> the database to see if the emails where somewhat different but as I
    >>>> suspected, they where all the same. Any suggestions?
    >>>> --Papanii
    >>>>

    >
    >
     
    Papanii Okai, Jan 18, 2006
    #5
  6. Papanii Okai

    Papanii Okai Guest

    After running the profiler, it doesn't show any errors. the feildis valid
    and it inserts into tthe table.
    --Papanii

    "Papanii Okai" <> wrote in message
    news:...
    > No it doesn't overwrite the user.
    >
    > "Dominick Baier [DevelopMentor]" <>
    > wrote in message news:...
    >> Hi,
    >> maybe i misunderstood you - do you say he overwrites the user?
    >>
    >> have you hooked up a SQL Profiler to the aspnetdb to see what's going on?
    >>
    >> ---------------------------------------
    >> Dominick Baier - DevelopMentor
    >> http://www.leastprivilege.com
    >>
    >>> Exactly,
    >>> As you can see from my previous post, i stated that it
    >>> populates
    >>> the membership database. This shouldn't be happening. I have the
    >>> necessary
    >>> error checking (exceptions ) that will execute if any error occurs.
    >>> What puszzles me is that the membership database is still being
    >>> populated even though requiresUniqueEmail = "true".
    >>>
    >>> --Papanii
    >>>
    >>> "Dominick Baier [DevelopMentor]"
    >>> <> wrote in message
    >>> news:...
    >>>
    >>>> Hi,
    >>>> requiresUniqueEmail only makes sure that there are no duplicate
    >>>> emails in
    >>>> the membership table.
    >>>> ---------------------------------------
    >>>> Dominick Baier - DevelopMentor
    >>>> http://www.leastprivilege.com
    >>>>> Hi Guys,
    >>>>> I have a problem which I cannot seem to fix. I have a
    >>>>> registration page that requires users to fill in certain
    >>>>> information.
    >>>>> One of
    >>>>> the fields required is "user-Email". In my code behind page (c#), I
    >>>>> used one of the overloaded Membership.createUser() methods to create
    >>>>> the user which populates my aspnet_Membership table in the aspnetdb
    >>>>> database. The problem I am having is, if a user subscribes with an
    >>>>> email address already in the profile database, it still creates the
    >>>>> user. In my web-config file under the providers tag, I specify
    >>>>> requiresUniqueEmail = "true". To be honest, I don't know where else
    >>>>> to
    >>>>> look. I get the expected results if a user tries to subscribe with
    >>>>> an
    >>>>> already existing username (I.e. user creation fails). I double
    >>>>> checked
    >>>>> the database to see if the emails where somewhat different but as I
    >>>>> suspected, they where all the same. Any suggestions?
    >>>>> --Papanii
    >>>>>

    >>
    >>

    >
    >
     
    Papanii Okai, Jan 18, 2006
    #6
  7. Hi,

    OK - i am not sure what's wrong with your setup - but by looking at the source
    code i can tell you what happens - maybe this gives you a pointer in the
    right direction.

    when you call Membership.CreateUser the config values of the provider are
    read and the value of requiresUniqueEmail is passed as a parameter to a stored
    proc in aspnetdb

    SqlCommand command1 = new SqlCommand("dbo.aspnet_Membership_CreateUser",
    holder1.Connection);
    ....
    command1.Parameters.Add(this.CreateInputParam("@UniqueEmail", SqlDbType.Int,
    this.RequiresUniqueEmail ? 1 : 0));

    So in SQL Profiler you should see a 1 for the @UniqueEmail parameter.


    the CreateUser sproc does this to check for duplicate emails:

    IF (@UniqueEmail = 1)
    BEGIN
    IF (EXISTS (SELECT *
    FROM dbo.aspnet_Membership m WITH ( UPDLOCK, HOLDLOCK )
    WHERE ApplicationId = @ApplicationId AND LoweredEmail
    = LOWER(@Email)))
    BEGIN
    SET @ErrorCode = 7
    GOTO Cleanup
    END
    END

    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    > After running the profiler, it doesn't show any errors. the feildis
    > valid
    > and it inserts into tthe table.
    > --Papanii
    > "Papanii Okai" <> wrote in message
    > news:...
    >
    >> No it doesn't overwrite the user.
    >>
    >> "Dominick Baier [DevelopMentor]"
    >> <> wrote in message
    >> news:...
    >>
    >>> Hi,
    >>> maybe i misunderstood you - do you say he overwrites the user?
    >>> have you hooked up a SQL Profiler to the aspnetdb to see what's
    >>> going on?
    >>>
    >>> ---------------------------------------
    >>> Dominick Baier - DevelopMentor
    >>> http://www.leastprivilege.com
    >>>> Exactly,
    >>>> As you can see from my previous post, i stated that it
    >>>> populates
    >>>> the membership database. This shouldn't be happening. I have the
    >>>> necessary
    >>>> error checking (exceptions ) that will execute if any error occurs.
    >>>> What puszzles me is that the membership database is still being
    >>>> populated even though requiresUniqueEmail = "true".
    >>>> --Papanii
    >>>>
    >>>> "Dominick Baier [DevelopMentor]"
    >>>> <> wrote in message
    >>>> news:...
    >>>>
    >>>>> Hi,
    >>>>> requiresUniqueEmail only makes sure that there are no duplicate
    >>>>> emails in
    >>>>> the membership table.
    >>>>> ---------------------------------------
    >>>>> Dominick Baier - DevelopMentor
    >>>>> http://www.leastprivilege.com
    >>>>>> Hi Guys,
    >>>>>> I have a problem which I cannot seem to fix. I have a
    >>>>>> registration page that requires users to fill in certain
    >>>>>> information.
    >>>>>> One of
    >>>>>> the fields required is "user-Email". In my code behind page (c#),
    >>>>>> I
    >>>>>> used one of the overloaded Membership.createUser() methods to
    >>>>>> create
    >>>>>> the user which populates my aspnet_Membership table in the
    >>>>>> aspnetdb
    >>>>>> database. The problem I am having is, if a user subscribes with
    >>>>>> an
    >>>>>> email address already in the profile database, it still creates
    >>>>>> the
    >>>>>> user. In my web-config file under the providers tag, I specify
    >>>>>> requiresUniqueEmail = "true". To be honest, I don't know where
    >>>>>> else
    >>>>>> to
    >>>>>> look. I get the expected results if a user tries to subscribe
    >>>>>> with
    >>>>>> an
    >>>>>> already existing username (I.e. user creation fails). I double
    >>>>>> checked
    >>>>>> the database to see if the emails where somewhat different but as
    >>>>>> I
    >>>>>> suspected, they where all the same. Any suggestions?
    >>>>>> --Papanii
     
    Dominick Baier [DevelopMentor], Jan 18, 2006
    #7
  8. Papanii Okai

    Papanii Okai Guest

    Hi Dominick,
    After mocking around further, i found out that i in my
    web-config file i didn't specify the default membership like <membership
    defaultProvider="SqlProvider"> I simple wrote it as <membership> Thus my
    application was using the machine.config files default settings which had
    uniqueEmail = "false". Now that i have reconfigured the web.config file
    properly it works as expected. Thanx a lot for all your help..

    --Papanii

    "Dominick Baier [DevelopMentor]" <>
    wrote in message news:...
    > Hi,
    > OK - i am not sure what's wrong with your setup - but by looking at the
    > source code i can tell you what happens - maybe this gives you a pointer
    > in the right direction.
    >
    > when you call Membership.CreateUser the config values of the provider are
    > read and the value of requiresUniqueEmail is passed as a parameter to a
    > stored proc in aspnetdb
    >
    > SqlCommand command1 = new SqlCommand("dbo.aspnet_Membership_CreateUser",
    > holder1.Connection);
    > ...
    > command1.Parameters.Add(this.CreateInputParam("@UniqueEmail",
    > SqlDbType.Int, this.RequiresUniqueEmail ? 1 : 0));
    >
    > So in SQL Profiler you should see a 1 for the @UniqueEmail parameter.
    >
    >
    > the CreateUser sproc does this to check for duplicate emails:
    >
    > IF (@UniqueEmail = 1)
    > BEGIN
    > IF (EXISTS (SELECT *
    > FROM dbo.aspnet_Membership m WITH ( UPDLOCK,
    > HOLDLOCK )
    > WHERE ApplicationId = @ApplicationId AND LoweredEmail =
    > LOWER(@Email)))
    > BEGIN
    > SET @ErrorCode = 7
    > GOTO Cleanup
    > END
    > END
    >
    > ---------------------------------------
    > Dominick Baier - DevelopMentor
    > http://www.leastprivilege.com
    >
    >> After running the profiler, it doesn't show any errors. the feildis
    >> valid
    >> and it inserts into tthe table.
    >> --Papanii
    >> "Papanii Okai" <> wrote in message
    >> news:...
    >>
    >>> No it doesn't overwrite the user.
    >>>
    >>> "Dominick Baier [DevelopMentor]"
    >>> <> wrote in message
    >>> news:...
    >>>
    >>>> Hi,
    >>>> maybe i misunderstood you - do you say he overwrites the user?
    >>>> have you hooked up a SQL Profiler to the aspnetdb to see what's
    >>>> going on?
    >>>>
    >>>> ---------------------------------------
    >>>> Dominick Baier - DevelopMentor
    >>>> http://www.leastprivilege.com
    >>>>> Exactly,
    >>>>> As you can see from my previous post, i stated that it
    >>>>> populates
    >>>>> the membership database. This shouldn't be happening. I have the
    >>>>> necessary
    >>>>> error checking (exceptions ) that will execute if any error occurs.
    >>>>> What puszzles me is that the membership database is still being
    >>>>> populated even though requiresUniqueEmail = "true".
    >>>>> --Papanii
    >>>>>
    >>>>> "Dominick Baier [DevelopMentor]"
    >>>>> <> wrote in message
    >>>>> news:...
    >>>>>
    >>>>>> Hi,
    >>>>>> requiresUniqueEmail only makes sure that there are no duplicate
    >>>>>> emails in
    >>>>>> the membership table.
    >>>>>> ---------------------------------------
    >>>>>> Dominick Baier - DevelopMentor
    >>>>>> http://www.leastprivilege.com
    >>>>>>> Hi Guys,
    >>>>>>> I have a problem which I cannot seem to fix. I have a
    >>>>>>> registration page that requires users to fill in certain
    >>>>>>> information.
    >>>>>>> One of
    >>>>>>> the fields required is "user-Email". In my code behind page (c#),
    >>>>>>> I
    >>>>>>> used one of the overloaded Membership.createUser() methods to
    >>>>>>> create
    >>>>>>> the user which populates my aspnet_Membership table in the
    >>>>>>> aspnetdb
    >>>>>>> database. The problem I am having is, if a user subscribes with
    >>>>>>> an
    >>>>>>> email address already in the profile database, it still creates
    >>>>>>> the
    >>>>>>> user. In my web-config file under the providers tag, I specify
    >>>>>>> requiresUniqueEmail = "true". To be honest, I don't know where
    >>>>>>> else
    >>>>>>> to
    >>>>>>> look. I get the expected results if a user tries to subscribe
    >>>>>>> with
    >>>>>>> an
    >>>>>>> already existing username (I.e. user creation fails). I double
    >>>>>>> checked
    >>>>>>> the database to see if the emails where somewhat different but as
    >>>>>>> I
    >>>>>>> suspected, they where all the same. Any suggestions?
    >>>>>>> --Papanii

    >
    >
    >
     
    Papanii Okai, Jan 18, 2006
    #8
  9. Verify that ApplicationName is unique as well for each of your duplicate
    email addresses.
    --
    Christopher A. Reed
    "The oxen are slow, but the earth is patient."

    "Papanii Okai" <> wrote in message
    news:...
    > Hi Guys,
    > I have a problem which I cannot seem to fix. I have a
    > registration page that requires users to fill in certain information. One
    > of the fields required is "user-Email". In my code behind page (c#), I
    > used one of the overloaded Membership.createUser() methods to create the
    > user which populates my aspnet_Membership table in the aspnetdb database.
    > The problem I am having is, if a user subscribes with an email address
    > already in the profile database, it still creates the user. In my
    > web-config file under the providers tag, I specify requiresUniqueEmail =
    > "true". To be honest, I don't know where else to look. I get the expected
    > results if a user tries to subscribe with an already existing username
    > (I.e. user creation fails). I double checked the database to see if the
    > emails where somewhat different but as I suspected, they where all the
    > same. Any suggestions?
    >
    > --Papanii
    >
    >
    >
    >
     
    Christopher Reed, Jan 21, 2006
    #9
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Andreas Suurkuusk
    Replies:
    0
    Views:
    4,035
    Andreas Suurkuusk
    Jul 27, 2003
  2. Ted Miller
    Replies:
    0
    Views:
    5,224
    Ted Miller
    Sep 13, 2003
  3. Merek
    Replies:
    0
    Views:
    2,001
    Merek
    Dec 3, 2003
  4. Papanii Okai

    UniqueEmail problem

    Papanii Okai, Jan 18, 2006, in forum: ASP .Net
    Replies:
    1
    Views:
    350
    Christopher Reed
    Jan 21, 2006
  5. Mike

    Problem problem problem :( Need Help

    Mike, May 7, 2004, in forum: ASP General
    Replies:
    2
    Views:
    581
    Bullschmidt
    May 11, 2004
Loading...

Share This Page