Change username in ASP.NET Membership Provider

Found a great article here about the process of changing the username with the ASP.NET Membership Provider.

Here is a summary of the process that I found best useful which is one of the comments:

1. Make sure New UserName is Unique

2. Update the aspnet_Users table directly

3. Execute to following code to change the username/cookie/identity without leaving the webpage…

‘ Obtains the name of the FormsAuthentication Cookie, uses that name to request the Cookie and Decrypts the Cookies information into a AuthTicket

Dim AuthTicket As FormsAuthenticationTicket = FormsAuthentication.Decrypt(HttpContext.Current.Request.Cookies(FormsAuthentication.FormsCookieName).Value)

‘ Instantiates a new user identity authenticated using forms authentication based on the FormsAuthenticationTicket.

‘ The FormsAuthenticationTicket has been created using the exact same parameters of the user with the Old Username except the Old Username has been updated with the New Username.

Dim NewFormsIdentity As New FormsIdentity(New FormsAuthenticationTicket(AuthTicket.Version, NewUsername, AuthTicket.IssueDate, AuthTicket.Expiration, AuthTicket.IsPersistent, AuthTicket.UserData))

‘ Parse out the AuthTicket’s UserData into a string array of Roles

Dim Roles As String() = AuthTicket.UserData.Split(“|”.ToCharArray)

‘ Creates a new user that has the NewFormsIdentity and belongs to the array of Roles, if any, that was stored in the FormsAuthenticationTicket

Dim NewGenericPrincipal As New System.Security.Principal.GenericPrincipal(NewFormsIdentity, Roles)

‘ Sets the security information for the current HTTP request to the new user. The Username has now been changed (i.e. HttpContext.Current.User.Identity.Name = NewUsername, prior to this step is was the OldUsername)

HttpContext.Current.User = NewGenericPrincipal

‘ Removes the forms-authentication ticket from the browser


‘ Cancels the current session


‘ Creates an authentication ticket for the supplied New Username and adds it to the cookies collection of the response or the URL

FormsAuthentication.SetAuthCookie(HttpContext.Current.User.Identity.Name, AuthTicket.IsPersistent)

4. Response.Redirect back to the same page if needed.


IIS Wont start error 13 data is invalid

I got the following error when trying to figure out why I couldn’t start IIS 7 on Windows Server 2008 R2.    I tried to start the World Wide Web Publishing Service but its dependency Windows Activation Service wouldn’t start.   I got the following error in the Event Log:

The Windows Process Activation Service service terminated with the following error:
The data is invalid.

After doing some research, I found a good article here.   But I still had the issue, it turned out that I had a valid applicationHost.config file but my C:\Windows\system32\inetsrv\config\schema\NetFx40_IIS_schema_update.xml file was corrupt and had invalid XML.   So I was able to recover the XML file from the C:\inetput\history\schema folder.  Fewl!   Run all the services again and had no problems.


A way around page refreshes/back button problems with a simple concept

The problem:

You have a form in which the user fills out and clicks a “submit” button that validates their input, does some processing and output’s some results. The problem being the application needs to cater for page refreshes, back buttons and the case of the page being submitted more than once (latency/slow internet connection).

The Solution:

Possible solutions can be (this assumes not using Ajax as a solution), once the user clicks the submit button the server validates the user’s input and has processed the information. Store a unique id in session and redirect to a “complete” page. If the user clicks the back button and resubmits the page, you can build logic to check if a unique id exists in session and if it does, redirect to the complete page without having to re-process the information.

If the user is on the complete page and refreshes the page, because its on a page which has used a GET, there is no processing done and hence no duplication of data.