MembershipProvider.UpdateUser (Bug #29)


Added by Rodney Lai almost 9 years ago. Updated over 4 years ago.


Status:Resolved Start date:09/15/2009
Priority:Normal Due date:01/26/2013
Assignee:Daniel Nauck % Done:

100%

Category:Membership Spent time: 2.00 hours
Target version:2.0 Estimated time:1.00 hour

Description

MembershipProvider.UpdateUser doesn't look at RequiresUniqueEmail when saving new e-mail address


History

Updated by Daniel Nauck almost 9 years ago

  • Assignee set to Daniel Nauck
  • Category set to Membership
  • Target version set to 2.0

Updated by Daniel Nauck over 8 years ago

As far as i know the original SqlMembershipProvider also does not check for unique e-mail addresses in the UpdateUser method.

Should we implement this as optional feature?

  • % Done changed from 0 to 10
  • Status changed from New to Feedback

Updated by Daniel Nauck over 8 years ago

The default membership behavior is not to check for unique emails while updating a user.

If i implement a custom exception that is thrown when updating a user it maybe that the caller of UpdateUser() is not aware of this exception.

So if you want to validate unique email addresses try the following code:

1var user = myMembershipUserObject;
2
3if (!string.IsNullOrEmpty(Membership.GetUserNameByEmail(user.Email)))
4    throw new Exception("Duplicate email address...");
5
6Membersip.IpdateUser(user);
  • % Done changed from 10 to 100
  • Due date set to 01/28/2010
  • Status changed from Feedback to Rejected

Updated by Rodney Lai over 8 years ago

yeah, the default behavior is not to check for unique email address, but
there is an option RequiresUniqueEmail in MembershipProvider
and if this property is set to true UpdateUser throws an exception
if the email address is not unique

Updated by Daniel Nauck over 8 years ago

Hello,

you're right.

I get the following exception when calling Membership.UpdateUser() when the e-mail address already exists:

English:

System.Configuration.Provider.ProviderException was unhandled by user code
  Message="The E-mail supplied is invalid." 
  Source="System.Web" 
  StackTrace:
       at System.Web.Security.SqlMembershipProvider.UpdateUser(MembershipUser user)
       at System.Web.Security.MembershipUser.Update()
       at System.Web.Security.Membership.UpdateUser(MembershipUser user)
  InnerException: 

German:

System.Configuration.Provider.ProviderException was unhandled by user code
  Message="Die angegebene E-Mail-Adresse ist ung├╝ltig." 
  Source="System.Web" 
  StackTrace:
       bei System.Web.Security.SqlMembershipProvider.UpdateUser(MembershipUser user)
       bei System.Web.Security.MembershipUser.Update()
       bei System.Web.Security.Membership.UpdateUser(MembershipUser user)
  InnerException:

So, ticket is reopend. I'll fix this asap.

Thanks.

  • % Done changed from 100 to 20
  • Due date deleted (01/28/2010)
  • Status changed from Rejected to Assigned
  • Estimated time set to 1.00

Updated by Daniel Nauck over 5 years ago

  • Due date set to 01/26/2013
  • % Done changed from 20 to 100
  • Status changed from Assigned to Resolved

Updated by Nestor Lobo over 4 years ago

Hi, Daniel

We are using your provider implementation in some project and they all work perfect, thanks for the good and hard work.

However we had found and issue related to the UpdateUser method, as the implementation is right now it will only work if you update a user instance changing his own email before updating.
This is not the expected behavior is it should work changing any other values but not the email, i.e. IsApprove.

Indeed we just look around on some other implementation and they use an extra check to skip the user being updated.

Code taken from: [[https://sqlcemembership.codeplex.com/SourceControl/latest#App_Code/SqlCeMembershipProvider.cs]]

New version:

     if (RequiresUniqueEmail)
            {
                string userName = GetUserNameByEmail(user.Email);
                if (!string.IsNullOrWhiteSpace(userName) && !userName.Equals(user.UserName, StringComparison.InvariantCultureIgnoreCase))
                    throw new ProviderException("The e-mail address that you entered is already in use. Please enter a different e-mail address.");
            }

Instead of current version:

            // validate duplicate email address, see issue #29
            if (RequiresUniqueEmail && !string.IsNullOrEmpty(GetUserNameByEmail(user.Email)))
                throw new ProviderException("Duplicate E-mail address. The E-mail supplied is invalid.");

Let us know what you think...
Regards
Nestor

Also available in: Atom PDF