Microsoft KB Archive/241431

= Personalization and Membership DIT Contains Duplicate GUIDs =

Article ID: 241431

Article Last Modified on 6/23/2005

-

APPLIES TO


 * Microsoft Site Server 3.0 Standard Edition

-



This article was previously published under Q241431



SYMPTOMS
Personalization and Membership (P&M) allows multiple objects in the directory to possess the same Globally Unique Identifier (GUID). P&M ensures that CN is unique within a given container and GUIDs are generated uniquely.



CAUSE
Site Server cookie authentication does not automatically perform server-side checking to ensure that the same GUID is not being used by more then one user. This needs to be taken into account when developing the sign-up process.



WORKAROUND
Every time a user registers, make sure a new GUID is generated and used. This addresses the problem as it relates to the user registration/addition process.

Note: This is very similar to the Dtclib.inc file that is included with Site Server 3.0.

By definition GUIDs are unique, and in their creation, they are generated uniquely. However, depending on the implementation of the application or user registration process, the same GUID can inadvertently be assigned to more than one user. The following code sample outlines methods for preventing the accidental reuse of GUIDs within a Site Server Membership database.

This code sample outlines suggested handling for user registration, and migration from anonymous to permanent membership in a Site Server Membership database. This code provides examples of how to prevent the same GUID property from being improperly manipulated and inadvertently assigned to multiple members.

WARNING: The following sample code may or may not be applicable to your environment. Sample or registration code is commonly changed. Therefore, this code should be reviewed before implementing it, as the examples outline. In addition, existing code should be examined to determine where and if changes should be made to ensure proper function.

The following example was placed in the Dtclib.inc file (the Include file for Site Server 3.0 Sample ASP code) in a testing environment.

The MigrateUser function in the following example checks the cookie on the client and issues a new GUID if necessary. If there are no cookies present, the member is not migrated to the members container, unless a new GUID is issued.

' ************************************************************************* ' Function name :  MigrateUser ' Synopsis     :   Migrates anonymous user to registered user ' Parameters   :   oUserObject : Membership object to be moved '                  UserName : New name of account to use '                  ScriptID : ID used to bind to DS '                   ScriptPassword : Password used to bind to DS ' Returns       :   Empty string if no error, error message otherwise ' ************************************************************************* Function MigrateUser(oUserObject, UserName, ScriptID, ScriptPassword) On Error Resume Next '   'Check if parameters are valid if not IsObject(oUserObject) or UserName = "" or ScriptID = "" or ScriptPassword = "" Then MigrateUser = "MigrateUser : " & L_InvalidParams Exit Function End if   ' ' Check if cookie has GUID UserGUID = Request.Cookies("SITESERVER")("GUID") if UserGUID <> "" Then '       ' Get the parent object Set ParentUserObject = oUserObject.GetObjectAsUser(oUserObject.Parent) if Err <> 0 Then MigrateUser = "MigrateUser : " & L_GetParentFAIL Exit Function End if       ' ' Get the grandparent object Set TargetContainer = oUserObject.GetObjectAsUser(ParentUserObject.Parent) if Err <> 0 Then MigrateUser = "MigrateUser : " & L_GetGrandParentFAIL Exit Function End if       ' This generates a new GUID. The GUID created in this section should be assigned to members moved from the anonymous container into the members container to ensure that an existing GUID is not reused when registering a user in this method. 'Generate a new GUID Set objGuidGen = Server.CreateObject("Membership.GuidGen.1") if Err <> 0 Then MigrateUser = "MigrateUser: " & L_GUIDGenFAIL Exit Function End if       strNewGuid = objGuidGen.GenerateGuid if Err <> 0 Then MigrateUser = "MigrateUser: " & L_GenGUIDFAIL Exit Function End if       ' The MoveHere function performs the move of a member from the anonymous container to the members container. The following code assigns the newly generated GUID (above) to the member when moved into the members container. 'Move the object to the target container Set NewTarget = TargetContainer.MoveHere(oUserObject.ADsPath, "cn=" & UserName) if Err <> 0 Then MigrateUser = "MigrateUser : " & L_MoveHereFAIL Exit Function End if       ' 'Change the guid of the moved object NewTarget.Put "GUID", strNewGuid if Err <> 0 Then MigrateUser = "MigrateUser: " & L_StoreGUIDFAIL Exit Function End if ' Commit the new GUID NewTarget.SetInfo if Err <> 0 Then MigrateUser = "MigrateUser: " & L_NotStore Exit Function End if       ' ' create cookie object Set NewCookie = Server.CreateObject("Membership.verifusr") if Err <> 0 Then MigrateUser = "MigrateUser : " & L_VerifusrFAIL Exit Function End if       ' This issues both the MEMUSER and Site Server cookies. This ensures that GUIDs from stray cookies are not adopted when requested by Site Server. ' Issue the new MEMUSER and GUID cookies NewCookie.IssueOldCookiesToNewUser cstr(UserName),cstr(strNewGuid) if Err <> 0 Then MigrateUser = "MigrateUser : " & L_IssueCookieOldFAILED Exit Function End if   End if End Function



MORE INFORMATION
Microsoft provides programming examples for illustration only, without warranty either expressed or implied. This includes, but is not limited to, the implied warranties of merchantability or fitness for a particular purpose. This article assumes that you are familiar with the programming language that is being demonstrated and with the tools that are used to create and to debug procedures. Microsoft support engineers can help explain the functionality of a particular procedure, but they will not modify these examples to provide added functionality or construct procedures to meet your specific requirements.

http://www.microsoft.com/partner/referral/

For more information about the support options that are available and about how to contact Microsoft, visit the following Microsoft Web site:

http://support.microsoft.com/default.aspx?scid=fh;EN-US;CNTACTMS

