Personalization and Membership DIT Contains Duplicate GUIDs

• Microsoft Site Server version 3.0

SYMPTOMS

Personalization and Membership (P&M) allows multiple objects in the directory to possess the same Globally Unique Identifier (GUID). P&M ensures that CN is unique within a given container and GUIDs are generated uniquely.

CAUSE

Site Server cookie authentication does not automatically perform server-side checking to ensure that the same GUID is not being used by more then one user. This needs to be taken into account when developing the sign-up process.

WORKAROUND

Every time a user registers, make sure a new GUID is generated and used. This addresses the problem as it relates to the user registration/addition process.

Note: This is very similar to the Dtclib.inc file that is included with Site Server 3.0.

By definition GUIDs are unique, and in their creation, they are generated uniquely. However, depending on the implementation of the application or user registration process, the same GUID can inadvertently be assigned to more than one user. The following code sample outlines methods for preventing the accidental reuse of GUIDs within a Site Server Membership database.

This code sample outlines suggested handling for user registration, and migration from anonymous to permanent membership in a Site Server Membership database. This code provides examples of how to prevent the same GUID property from being improperly manipulated and inadvertently assigned to multiple members.

WARNING: The following sample code may or may not be applicable to your environment. Sample or registration code is commonly changed. Therefore, this code should be reviewed before implementing it, as the examples outline. In addition, existing code should be examined to determine where and if changes should be made to ensure proper function.

The following example was placed in the Dtclib.inc file (the Include file for Site Server 3.0 Sample ASP code) in a testing environment.

The MigrateUser function in the following example checks the cookie on the client and issues a new GUID if necessary. If there are no cookies present, the member is not migrated to the members container, unless a new GUID is issued.

' *************************************************************************
' Function name	:	MigrateUser
' Synopsis		:	Migrates anonymous user to registered user
' Parameters	:	oUserObject : Membership object to be moved
'					UserName : New name of account to use
'					ScriptID : ID used to bind to DS
'					ScriptPassword : Password used to bind to DS
' Returns		:	Empty string if no error, error message otherwise
' *************************************************************************
Function MigrateUser(oUserObject, UserName, ScriptID, ScriptPassword)
	On Error Resume Next
	'
	'Check if parameters are valid
	if not IsObject(oUserObject) or UserName = "" or ScriptID = "" or ScriptPassword = "" Then
		MigrateUser = "MigrateUser : " & L_InvalidParams
		Exit Function
	End if
	'
	' Check if cookie has GUID
	UserGUID = Request.Cookies("SITESERVER")("GUID")
	if UserGUID <> "" Then
		'
		' Get the parent object
		Set ParentUserObject = oUserObject.GetObjectAsUser(oUserObject.Parent)
		if Err <> 0 Then
			MigrateUser = "MigrateUser : " & L_GetParentFAIL
			Exit Function
		End if
		'
		' Get the grandparent object
		Set TargetContainer = oUserObject.GetObjectAsUser(ParentUserObject.Parent)
		if Err <> 0 Then
			MigrateUser = "MigrateUser : " & L_GetGrandParentFAIL
			Exit Function
		End if
		' 

'Generate a new GUID 
		Set objGuidGen = Server.CreateObject("Membership.GuidGen.1")
		if Err <> 0 Then
			MigrateUser = "MigrateUser: " & L_GUIDGenFAIL
			Exit Function
		End if
		strNewGuid = objGuidGen.GenerateGuid()
		if Err <> 0 Then
			MigrateUser = "MigrateUser: " & L_GenGUIDFAIL
			Exit Function
		End if
		' 

'Move the object to the target container
		Set NewTarget = TargetContainer.MoveHere(oUserObject.ADsPath, "cn=" & UserName)
		if Err <> 0 Then
			MigrateUser = "MigrateUser : " & L_MoveHereFAIL
			Exit Function
		End if
		'
		'Change the guid of the moved object
		NewTarget.Put "GUID", strNewGuid
		if Err <> 0 Then
			MigrateUser = "MigrateUser: " & L_StoreGUIDFAIL
 			Exit Function
		End if
' Commit the new GUID
		NewTarget.SetInfo()
		if Err <> 0 Then
			MigrateUser = "MigrateUser: " & L_NotStore
			Exit Function
		End if
		'
		' create cookie object
		Set NewCookie = Server.CreateObject("Membership.verifusr")
		if Err <> 0 Then
			MigrateUser = "MigrateUser : " & L_VerifusrFAIL
			Exit Function
		End if
		' 

		' Issue the new MEMUSER and GUID cookies
		NewCookie.IssueOldCookiesToNewUser cstr(UserName),cstr(strNewGuid)
		if Err <> 0 Then
			MigrateUser = "MigrateUser : " & L_IssueCookieOldFAILED
			Exit Function
		End if
	
	End if
End Function 

MORE INFORMATION

Microsoft provides programming examples for illustration only, without warranty either expressed or implied, including, but not limited to, the implied warranties of merchantability and/or fitness for a particular purpose. This article assumes that you are familiar with the programming language being demonstrated and the tools used to create and debug procedures. Microsoft support professionals can help explain the functionality of a particular procedure, but they will not modify these examples to provide added functionality or construct procedures to meet your specific needs. If you have limited programming experience, you may want to contact a Microsoft Certified Solution Provider or the Microsoft fee-based consulting line at (800) 936-5200. For more information about Microsoft Certified Solution Providers, please see the following page on the World Wide Web:

http://www.microsoft.com/mcsp/

http://www.microsoft.com/support/supportnet/overview/overview.asp

REFERENCES

For additional information on scenarios involving duplicate GUIDs, click the article number below to view the article in the Microsoft Knowledge Base:

Q238647 Proxy Caching May Cause Multiple Clients to Receive Same GUID

Additional query words:

Keywords :
Version : winnt:3.0
Platform : winnt
Issue type : kbprb