Personalization and Membership DIT Contains Duplicate GUIDs
ID: Q241431
The information in this article applies to:
- Microsoft Site Server version 3.0
SYMPTOMS
Personalization and Membership (P&M) allows multiple objects in the directory to possess the same Globally Unique Identifier (GUID). P&M ensures that CN is unique within a given container and GUIDs are generated uniquely.
CAUSE
Site Server cookie authentication does not automatically perform server-side checking to ensure that the same GUID is not being used by more than one user. This needs to be taken into account when developing the sign-up process.
WORKAROUND
Every time a user registers, make sure a new GUID is generated and used. This addresses the problem as it relates to the user registration/addition process.
Note: This is very similar to the Dtclib.inc file that is included with Site Server 3.0.
By definition GUIDs are unique, and in their creation, they are generated uniquely. However, depending on the implementation of the application or user registration process, the same GUID can inadvertently be assigned to more than one user. The following code sample outlines methods for preventing the accidental reuse of GUIDs within a Site Server Membership database.
This code sample outlines suggested handling for user registration, and migration from anonymous to permanent membership in a Site Server Membership database. This code provides examples of how to prevent the same GUID property from being improperly manipulated and inadvertently assigned to multiple members.
WARNING:
The following sample code may or may not be applicable to your environment. Sample or registration code is commonly changed, so review this code before implementing it as the examples outline. In addition, examine existing code to determine whether and where changes should be made to ensure proper function.
The following example was placed in the Dtclib.inc file (the Include file for Site Server 3.0 Sample ASP code) in a testing environment.
The MigrateUser function in the following example checks the cookie on the client and issues a new GUID if necessary. If there are no cookies present, the member is not migrated to the members container, unless a new GUID is issued.
' *************************************************************************
' Function name : MigrateUser
' Synopsis      : Migrates anonymous user to registered user
' Parameters    : oUserObject    : Membership object to be moved
'                 UserName       : New name of account to use
'                 ScriptID       : ID used to bind to DS
'                 ScriptPassword : Password used to bind to DS
' Returns       : Empty string if no error, error message otherwise
' *************************************************************************
Function MigrateUser(oUserObject, UserName, ScriptID, ScriptPassword)
    On Error Resume Next
    '
    ' Check if parameters are valid
    if not IsObject(oUserObject) or UserName = "" or ScriptID = "" or ScriptPassword = "" Then
        MigrateUser = "MigrateUser : " & L_InvalidParams
        Exit Function
    End if
    '
    ' Check if cookie has GUID
    UserGUID = Request.Cookies("SITESERVER")("GUID")
    if UserGUID <> "" Then
        '
        ' Get the parent object
        Set ParentUserObject = oUserObject.GetObjectAsUser(oUserObject.Parent)
        if Err <> 0 Then
            MigrateUser = "MigrateUser : " & L_GetParentFAIL
            Exit Function
        End if
        '
        ' Get the grandparent object
        Set TargetContainer = oUserObject.GetObjectAsUser(ParentUserObject.Parent)
        if Err <> 0 Then
            MigrateUser = "MigrateUser : " & L_GetGrandParentFAIL
            Exit Function
        End if
        '
This generates a new GUID. The GUID created in this section should be assigned to members moved from the anonymous container into the members container to ensure that an existing GUID is not reused when registering a user in this method.
        ' Generate a new GUID
        Set objGuidGen = Server.CreateObject("Membership.GuidGen.1")
        if Err <> 0 Then
            MigrateUser = "MigrateUser: " & L_GUIDGenFAIL
            Exit Function
        End if
        strNewGuid = objGuidGen.GenerateGuid()
        if Err <> 0 Then
            MigrateUser = "MigrateUser: " & L_GenGUIDFAIL
            Exit Function
        End if
        '
The MoveHere function performs the move of a member from the anonymous container to the members container. The following code assigns the newly generated GUID (above) to the member when moved into the members container.
        ' Move the object to the target container
        Set NewTarget = TargetContainer.MoveHere(oUserObject.ADsPath, "cn=" & UserName)
        if Err <> 0 Then
            MigrateUser = "MigrateUser : " & L_MoveHereFAIL
            Exit Function
        End if
        '
        ' Change the GUID of the moved object
        NewTarget.Put "GUID", strNewGuid
        if Err <> 0 Then
            MigrateUser = "MigrateUser: " & L_StoreGUIDFAIL
            Exit Function
        End if
        ' Commit the new GUID
        NewTarget.SetInfo()
        if Err <> 0 Then
            MigrateUser = "MigrateUser: " & L_NotStore
            Exit Function
        End if
        '
        ' Create cookie object
        Set NewCookie = Server.CreateObject("Membership.verifusr")
        if Err <> 0 Then
            MigrateUser = "MigrateUser : " & L_VerifusrFAIL
            Exit Function
        End if
        '
This issues both the MEMUSER and Site Server cookies. This ensures that GUIDs from stray cookies are not adopted when requested by Site Server.
        ' Issue the new MEMUSER and GUID cookies
        NewCookie.IssueOldCookiesToNewUser cstr(UserName), cstr(strNewGuid)
        if Err <> 0 Then
            MigrateUser = "MigrateUser : " & L_IssueCookieOldFAILED
            Exit Function
        End if
    End if
End Function
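The sample above prevents new duplicates at registration time; it does not find members that already share a GUID. The following audit script is an added example, not part of the original article or of Microsoft's sample code. It assumes the membership directory has been exported as LDIF and that the identifier is stored in the GUID attribute used by the sample above; the DNs and GUID values are constructed.

```python
import base64
from collections import defaultdict

# Constructed sample export (not real data); DNs and values are hypothetical.
SAMPLE_LDIF = """\
dn: cn=alice,ou=Members,o=ExampleSite
GUID: 0F3A9C2E5B7D4E118A6C00C04FD7A829

dn: cn=bob,ou=Members,o=ExampleSite
GUID: 7C1D22F09A3B4E118A6C00C04FD7A829

dn: cn=carol,ou=Members,
 o=ExampleSite
guid: {0f3a9c2e-5b7d-4e11-8a6c-00c04fd7a829}
"""

def parse_entries(ldif_text):
    """Yield (dn, {attr: [values]}) for each LDIF entry."""
    # A line that starts with one space continues the previous line.
    text = ldif_text.replace("\r\n", "\n").replace("\n ", "")
    for block in text.split("\n\n"):
        dn, attrs = None, defaultdict(list)
        for line in block.splitlines():
            if not line or line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64 value>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            value = value.strip()
            if name.lower() == "dn":
                dn = value
            else:
                attrs[name.lower()].append(value)
        if dn:
            yield dn, attrs

def normalize_guid(value):
    # Compare GUIDs regardless of braces, hyphens and letter case.
    return value.strip().strip("{}").replace("-", "").upper()

def find_duplicate_guids(ldif_text, attr="guid"):
    """Return {normalized GUID: [DNs]} for every GUID held by more than one entry."""
    owners = defaultdict(list)
    for dn, attrs in parse_entries(ldif_text):
        for value in attrs.get(attr, []):
            owners[normalize_guid(value)].append(dn)
    return {guid: dns for guid, dns in owners.items() if len(dns) > 1}

if __name__ == "__main__":
    for guid, dns in find_duplicate_guids(SAMPLE_LDIF).items():
        print(guid, "is shared by:", "; ".join(dns))
```

Each reported entry other than the rightful owner should be given a newly generated GUID, and any cookies carrying the old value should be reissued.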
MORE INFORMATION
Microsoft provides programming examples for illustration only, without warranty
either expressed or implied, including, but not limited to, the implied warranties of
merchantability and/or fitness for a particular purpose. This article assumes that you
are familiar with the programming language being demonstrated and the tools used to
create and debug procedures. Microsoft support professionals can help explain the functionality
of a particular procedure, but they will not modify these examples to provide added
functionality or construct procedures to meet your specific needs. If you have limited
programming experience, you may want to contact a Microsoft Certified Solution Provider
or the Microsoft fee-based consulting line at (800) 936-5200. For more information about
Microsoft Certified Solution Providers, please see the following page on the World Wide Web:
http://www.microsoft.com/mcsp/
For more information about the support options available from Microsoft, please see the
following page on the World Wide Web:
http://www.microsoft.com/support/supportnet/overview/overview.asp
REFERENCES
For additional information on scenarios involving duplicate GUIDs, click the article number below
to view the article in the Microsoft Knowledge Base:
Q238647 Proxy Caching May Cause Multiple Clients to Receive Same GUID
Version : winnt:3.0
Platform : winnt
Issue type : kbprb