| Bug #43339 | MembershipProvider.cs GetUserId doesn't use applicationId | ||
|---|---|---|---|
| Submitted: | 3 Mar 2009 20:31 | Modified: | 4 Mar 2009 14:15 |
| Reporter: | Todd Lumiere | Email Updates: | |
| Status: | Duplicate | Impact on me: | |
| Category: | Connector / NET | Severity: | S3 (Non-critical) |
| Version: | 5.2.5 | OS: | Windows |
| Assigned to: | CPU Architecture: | Any | |
| Tags: | MembershipProvider GetUserId | ||
[4 Mar 2009 7:01]
Tonci Grgin
Hi Todd and thanks for your report. I will set it to verified although it mirrors same problem as described in Bug#42574.
[4 Mar 2009 14:15]
Reggie Burnett
This is the same issue as bug #42574
Description: GetUserId in MembershipProvider.cs doesn't select with applicationId. Thus GetUserId returns the first record where username matches, regardless of which application is running. See GetUserId in RoleProvider.cs. Thanks. How to repeat: call GetUserId for a username which exists in several applications. Suggested fix: private int GetUserId(MySqlConnection connection, string username) { MySqlCommand cmd = new MySqlCommand( "SELECT id FROM my_aspnet_Users WHERE name LIKE @name AND applicationId = @appId", connection); cmd.Parameters.AddWithValue("@name", username); cmd.Parameters.AddWithValue("@appId", applicationId); object id = cmd.ExecuteScalar(); if (id == null) return -1; return (int)id; }