Personalization and Membership DIT Contains Duplicate GUIDs

ID: Q241431


The information in this article applies to:
  • Microsoft Site Server version 3.0


SYMPTOMS

Personalization and Membership (P&M) allows multiple objects in the directory to possess the same Globally Unique Identifier (GUID). P&M ensures that CN is unique within a given container and GUIDs are generated uniquely.


CAUSE

Site Server cookie authentication does not automatically perform server-side checking to ensure that the same GUID is not being used by more then one user. This needs to be taken into account when developing the sign-up process.


WORKAROUND

Every time a user registers, make sure a new GUID is generated and used. This addresses the problem as it relates to the user registration/addition process.

Note: This is very similar to the Dtclib.inc file that is included with Site Server 3.0.

By definition GUIDs are unique, and in their creation, they are generated uniquely. However, depending on the implementation of the application or user registration process, the same GUID can inadvertently be assigned to more than one user. The following code sample outlines methods for preventing the accidental reuse of GUIDs within a Site Server Membership database.

This code sample outlines suggested handling for user registration, and migration from anonymous to permanent membership in a Site Server Membership database. This code provides examples of how to prevent the same GUID property from being improperly manipulated and inadvertently assigned to multiple members.

WARNING: The following sample code may or may not be applicable to your environment. Sample or registration code is commonly changed. Therefore, this code should be reviewed before implementing it, as the examples outline. In addition, existing code should be examined to determine where and if changes should be made to ensure proper function.

The following example was placed in the Dtclib.inc file (the Include file for Site Server 3.0 Sample ASP code) in a testing environment.

The MigrateUser function in the following example checks the cookie on the client and issues a new GUID if necessary. If there are no cookies present, the member is not migrated to the members container, unless a new GUID is issued.


' *************************************************************************
' Function name	:	MigrateUser
' Synopsis		:	Migrates anonymous user to registered user
' Parameters	:	oUserObject : Membership object to be moved
'					UserName : New name of account to use
'					ScriptID : ID used to bind to DS
'					ScriptPassword : Password used to bind to DS
' Returns		:	Empty string if no error, error message otherwise
' *************************************************************************
Function MigrateUser(oUserObject, UserName, ScriptID, ScriptPassword)
	On Error Resume Next
	'
	'Check if parameters are valid
	if not IsObject(oUserObject) or UserName = "" or ScriptID = "" or ScriptPassword = "" Then
		MigrateUser = "MigrateUser : " & L_InvalidParams
		Exit Function
	End if
	'
	' Check if cookie has GUID
	UserGUID = Request.Cookies("SITESERVER")("GUID")
	if UserGUID <> "" Then
		'
		' Get the parent object
		Set ParentUserObject = oUserObject.GetObjectAsUser(oUserObject.Parent)
		if Err <> 0 Then
			MigrateUser = "MigrateUser : " & L_GetParentFAIL
			Exit Function
		End if
		'
		' Get the grandparent object
		Set TargetContainer = oUserObject.GetObjectAsUser(ParentUserObject.Parent)
		if Err <> 0 Then
			MigrateUser = "MigrateUser : " & L_GetGrandParentFAIL
			Exit Function
		End if
		' 
This generates a new GUID. The GUID created in this section should be assigned to members moved from the anonymous container into the members container to ensure that an existing GUID is not reused when registering a user in this method.

'Generate a new GUID 
		Set objGuidGen = Server.CreateObject("Membership.GuidGen.1")
		if Err <> 0 Then
			MigrateUser = "MigrateUser: " & L_GUIDGenFAIL
			Exit Function
		End if
		strNewGuid = objGuidGen.GenerateGuid()
		if Err <> 0 Then
			MigrateUser = "MigrateUser: " & L_GenGUIDFAIL
			Exit Function
		End if
		' 
The MoveHere function performs the move of a member from the anonymous container to the members container. The following code assigns the newly generated GUID (above) to the member when moved into the members container.

'Move the object to the target container
		Set NewTarget = TargetContainer.MoveHere(oUserObject.ADsPath, "cn=" & UserName)
		if Err <> 0 Then
			MigrateUser = "MigrateUser : " & L_MoveHereFAIL
			Exit Function
		End if
		'
		'Change the guid of the moved object
		NewTarget.Put "GUID", strNewGuid
		if Err <> 0 Then
			MigrateUser = "MigrateUser: " & L_StoreGUIDFAIL
 			Exit Function
		End if
' Commit the new GUID
		NewTarget.SetInfo()
		if Err <> 0 Then
			MigrateUser = "MigrateUser: " & L_NotStore
			Exit Function
		End if
		'
		' create cookie object
		Set NewCookie = Server.CreateObject("Membership.verifusr")
		if Err <> 0 Then
			MigrateUser = "MigrateUser : " & L_VerifusrFAIL
			Exit Function
		End if
		' 
This issues both the MEMUSER and Site Server cookies. This ensures that GUIDs from stray cookies are not adopted when requested by Site Server.

		' Issue the new MEMUSER and GUID cookies
		NewCookie.IssueOldCookiesToNewUser cstr(UserName),cstr(strNewGuid)
		if Err <> 0 Then
			MigrateUser = "MigrateUser : " & L_IssueCookieOldFAILED
			Exit Function
		End if
	
	End if
End Function 


MORE INFORMATION

Microsoft provides programming examples for illustration only, without warranty either expressed or implied, including, but not limited to, the implied warranties of merchantability and/or fitness for a particular purpose. This article assumes that you are familiar with the programming language being demonstrated and the tools used to create and debug procedures. Microsoft support professionals can help explain the functionality of a particular procedure, but they will not modify these examples to provide added functionality or construct procedures to meet your specific needs. If you have limited programming experience, you may want to contact a Microsoft Certified Solution Provider or the Microsoft fee-based consulting line at (800) 936-5200. For more information about Microsoft Certified Solution Providers, please see the following page on the World Wide Web:

http://www.microsoft.com/mcsp/
For more information about the support options available from Microsoft, please see the following page on the World Wide Web:

http://www.microsoft.com/support/supportnet/overview/overview.asp


REFERENCES

For additional information on scenarios involving duplicate GUIDs, click the article number below to view the article in the Microsoft Knowledge Base:

Q238647 Proxy Caching May Cause Multiple Clients to Receive Same GUID

Additional query words:

Keywords :
Version : winnt:3.0
Platform : winnt
Issue type : kbprb


Last Reviewed: October 1, 1999
© 2000 Microsoft Corporation. All rights reserved. Terms of Use.