Link to home
Start Free TrialLog in
Avatar of MohitPandit
MohitPanditFlag for India

asked on

ASP.NET: Security Breech

Hello,

I've one website and around 500 users concurrently logged in at global level.

Yesterday, one user reported one issue that once he tried to log-in then he saw different user name automatically in text box at login page.

Could you please assist me, what are the different reasons for that?

FYI, we are using form authentication in the application.

Best Regards
Avatar of Imran Javed Zia
Imran Javed Zia
Flag of Pakistan image
It is very difficult to identify such issue without detail analysis and there can be any problem, I may recommend to check following things first:
You may have to check your login authentication, check if login are unique?
make sure that you are managing session properly.
if you are using claim/token for authorization then make sure, your code is not generating duplicate token/claims.
Avatar of MohitPandit
MohitPandit
Flag of India image

ASKER

Okay, let me check aforesaid things.

Best Regards
Avatar of MohitPandit
MohitPandit
Flag of India image

ASKER

I am not using claim/token. Please find below exact situations:


This issue is happening often to users, where they type in their username and password and then login, and the system refreshes the page and it pops up with someone elses username and then the password is blank
ASKER CERTIFIED SOLUTION
Avatar of Imran Javed Zia
Imran Javed Zia
Flag of Pakistan image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of MohitPandit
MohitPandit
Flag of India image

ASKER

Yes, I shall dig into detail and update you.

Best Regards
Avatar of kaufmed
kaufmed
Flag of United States of America image
Are you working in a load-balanced environment? It sounds like you've got session issues.
Avatar of MohitPandit
MohitPandit
Flag of India image

ASKER

No, load balanced is not implemented.

Best Regards
Avatar of MohitPandit
MohitPandit
Flag of India image

ASKER

No caching implemented. I'll try to dig more and let you update.

Best Regards
Avatar of MohitPandit
MohitPandit
Flag of India image

ASKER

I couldn't resume from this problem yet.

Best Regards
Avatar of Imran Javed Zia
Imran Javed Zia
Flag of Pakistan image
Mohit,

In such case you may have to post related Login Page code (all related aspx/cs and js)
Avatar of MohitPandit
MohitPandit
Flag of India image

ASKER

Lately, came to know output cache was implemented. I've removed and didn't get any issue so far.