ASP.NET: Security Breach

Hello,

I have one website with around 500 users concurrently logged in globally.

Yesterday, one user reported an issue: when he tried to log in, he saw a different user name automatically filled in the text box on the login page.

Could you please assist me: what are the different reasons for that?

FYI, we are using Forms authentication in the application.

Best Regards
MohitPandit asked:

Imran Javed Zia (Consultant Software Engineer - .NET Architect) commented:
It is very difficult to identify such an issue without detailed analysis, and there could be any number of problems. I would recommend checking the following things first:
You may have to check your login authentication; check whether logins are unique.
Make sure that you are managing sessions properly.
If you are using claims/tokens for authorization, make sure your code is not generating duplicate tokens/claims.
0
MohitPandit (Author) commented:
Okay, let me check the aforesaid things.

Best Regards
0
MohitPandit (Author) commented:
I am not using claims/tokens. Please find the exact situation below:

This issue is happening often to users: they type in their username and password and then log in, the system refreshes the page, and it pops up with someone else's username and a blank password.
0
Imran Javed Zia (Consultant Software Engineer - .NET Architect) commented:
In this case, make sure that the login page is not being cached. Secondly, check your code for login failure (what your code does if the user is not authenticated).
0
MohitPandit (Author) commented:
Yes, I shall dig into detail and update you.

Best Regards
0
käµfm³d 👽 commented:
Are you working in a load-balanced environment? It sounds like you've got session issues.
0
MohitPandit (Author) commented:
No, load balancing is not implemented.

Best Regards
0
MohitPandit (Author) commented:
No caching implemented. I'll try to dig more and update you.

Best Regards
0
MohitPandit (Author) commented:
I couldn't resume from this problem yet.

Best Regards
0
Imran Javed Zia (Consultant Software Engineer - .NET Architect) commented:
Mohit,

In such a case, you may have to post the related login page code (all related aspx/cs and js).
0
MohitPandit (Author) commented:
Lately, I came to know that output cache was implemented. I've removed it and haven't had any issue so far.
0
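
The cause found at the end of this thread, output caching on a page that renders per-user login fields, can be checked for across a Web Forms project. The following is an added example, not code from the thread: a Python audit of `<%@ OutputCache %>` page directives. The file names and markup in `SAMPLE_PAGES` are constructed, and the scan does not cover cache profiles in web.config or caching set from code-behind.

```python
import re

# <%@ OutputCache Duration="60" VaryByParam="None" %> (Web Forms page directive)
DIRECTIVE = re.compile(r'<%@\s*OutputCache\b([^%]*)%>', re.I)
ATTRIBUTE = re.compile(r'(\w+)\s*=\s*"([^"]*)"')
# Markup suggesting the page renders per-user login fields.
LOGIN_MARKUP = re.compile(
    r'<asp:Login\b|TextMode\s*=\s*"Password"|type\s*=\s*"password"', re.I)


def audit_page(name, markup):
    """Return (file, line, severity, duration) for each active directive."""
    findings = []
    renders_login = bool(LOGIN_MARKUP.search(markup))
    for match in DIRECTIVE.finditer(markup):
        attrs = {k.lower(): v for k, v in ATTRIBUTE.findall(match.group(1))}
        # Location defaults to "Any"; "None" turns output caching off.
        if attrs.get("location", "Any").lower() == "none":
            continue
        line = markup.count("\n", 0, match.start()) + 1
        severity = "HIGH" if renders_login else "REVIEW"
        findings.append((name, line, severity, attrs.get("duration", "?")))
    return findings


def audit_site(pages):
    """pages maps file name -> file text; returns findings sorted by name."""
    return [f for name in sorted(pages) for f in audit_page(name, pages[name])]

# Constructed sample pages (not from the original thread).
SAMPLE_PAGES = {
    "Login.aspx": (
        '<%@ Page Language="C#" CodeBehind="Login.aspx.cs" %>\n'
        '<%@ OutputCache Duration="60" VaryByParam="None" %>\n'
        '<asp:TextBox ID="UserName" runat="server" />\n'
        '<asp:TextBox ID="Password" TextMode="Password" runat="server" />\n'
    ),
    "Products.aspx": (
        '<%@ OutputCache Duration="300" VaryByParam="category" %>\n'
        '<asp:GridView ID="Products" runat="server" />\n'
    ),
    "Account.aspx": (
        '<%@ OutputCache Location="None" VaryByParam="None" %>\n'
        '<asp:TextBox ID="OldPassword" TextMode="Password" runat="server" />\n'
    ),
}

if __name__ == "__main__":
    print(*audit_site(SAMPLE_PAGES), sep="\n")
```

A HIGH finding means a cached copy of the rendered page, including whatever user name was in the text box at render time, can be served to the next visitor for the stated duration.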
Question has a verified solution.