ASP.NET 成员资格/SQL Server 问题 - 丢失数据
我有一个我似乎无法弄清楚的问题。希望有人能给我指出正确的方向,或者给我其他的想法来研究。我现在不会提供太多代码,因为老实说我不认为这是一个编码问题。
首先,我有一个 ASP.NET 3.5 Web 应用程序。我正在使用 ASP.NET 会员库进行身份验证。数据位于 SQL Server 2005 数据库中。
我的应用程序使用户能够填写保存在数据库中的请求。填写请求的页面位于包含以下 web.config 文件的子文件夹中(我希望用户在填写请求之前进行身份验证): 用户
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>
需要登录或创建一个新帐户才能填写要求。当他们提交请求时,他们会收到一封电子邮件,验证请求已提交。该电子邮件验证的收件人地址是通过以下方式收集的:
Membership.GetUser().Email
到目前为止,这一切似乎相当简单,并且运行顺利。然而,我刚刚接到了一些填写请求并收到电子邮件的用户的电话,但在系统中找不到该请求。我让他们向我转发确认电子邮件,以便我可以查看收件人地址并在 ASP.NET 成员资格表中找到用户。但是,我无法根据电子邮件找到该用户,并且当我获得有关他们输入内容的详细信息时,我在数据库中找不到该请求的踪迹。
我没有为用户提供删除帐户或删除请求的方法。无法更改电子邮件地址或编辑相关数据。数据库被完全锁定,所有查询都通过存储过程运行。
现在,我的问题是,这到底怎么可能?用户需要经过身份验证才能填写请求,并且我收到了确认电子邮件,其中的电子邮件地址在系统中找不到。电子邮件地址是使用上述方法收集的,对我来说,这证明该用户必须一次性存在于数据库中并具有指定的电子邮件地址。
我真的不知道从这里继续往哪里走。有人知道要检查什么吗?我很感激任何建议,因为我很困惑,如果需要,我可以提供任何其他信息。
提前致谢!
I am having an issue that I can't seem to figure out. Hopefully somebody can point me in the right direction, or give me other ideas to look into. I won't provide much code now because honestly I don't think it's a coding issue.
First, I have an ASP.NET 3.5 web application. I am using ASP.NET Membership libraries for my authentication. The data lies in a SQL Server 2005 database.
My application enables a user to fill out a request that gets saved in the database. The page to fill out a request lies in a subfolder that contains the following web.config file (I want users to be authenticated before they fill out the request):
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>
A user is required to log on or create a new account to fill out a request. When they submit a request, they get an email verification that it was submitted. The recipient address of this email verification is collected using:
Membership.GetUser().Email
So far this all seems fairly elementary and has worked without a hitch. However, I just receieved a few calls from our users of people who filled out the request and got the email, but the request could not be found in the system. I had them forward me the confirmation emails so I could view the recipient address and find the user in the ASP.NET Membership tables. However, I could not find the user based on the email, and I could find no trace of the Request in the database when I was given details on what they entered.
I have provided no method for users to delete their accounts or delete a request. There is no method to change an email address or edit pertinent data. The database is pretty locked down, with all queries being run through Stored Procedures.
Now, my question is, how in the heck is this possible? The user needs to be authenticated to fill out the request, and I have the confirmation email with the email address which I can't find in the system. The email address is gathered using the the method mentioned above, which to me proves that this user had to exist in the database with the specified email address at one time.
I really have no clue where to proceed from here. Does anybody have an ideas on what to check? I would appreciate any advice as I am stumped, and I can provide any additional info if needed.
Thanks in advance!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
呼,问题解决了。暂存地址由客户提供给最终用户,数据位于暂存数据库中。看起来我所有关于数据库完整性的阴谋论都是错误的。 :-)
感谢您的所有建议!
Whew, problem solved. The staging address was provided to the end user by the customer and the data was in the staging database. Looks like all of my conspiracy theories about database integrity were false. :-)
Thanks for all the suggestions!
如果我不得不在没有看到注册过程中的代码的情况下进行猜测,我会说在将记录保存到数据库时存在一些错误,但在发送电子邮件时却没有。如果这两个操作都包含在可能解决您的问题的事务中,那么除非将记录保存到数据库,否则人们不会收到电子邮件,反之亦然。您是否启用了任何日志记录来显示保存到数据库的任何错误?
If I had to guess without seeing the code that is part of the registration process I would say there is some error in saving the record to the database but not in sending the email. If both actions were wrapped in a transaction that might solve your problem, that way people wouldn't recieve an email unless the record was saved to the DB and vice versa. Do you have any logging enabled that would show any errors saving to the DB?
我首先发布了要求代码的评论,因为如果没有代码,这将很难回答,但我想到了两种可能性。任何一种都允许发送电子邮件,但数据不会写入数据库:
(不太可能,因为您很容易发现并且现在已经捕获它)发送电子邮件的代码email 在保存到数据库之前执行。
(更有可能)错误处理中存在缺陷,即使数据库保存有错误,也会允许发送电子邮件,例如:
尝试
<前><代码>{
保存待办事项();
}
捕获(异常前)
{
// 这里有一些东西
}
发送电子邮件();
I posted the comment asking for code first, because without the code this will be hard to answer, but two possibilities come to mind. Either one would allow the email to be sent, but the data not being written tot he database:
(Not likely as it would be easy for you to spot and you'd have caught it by now) The code for sending the email is executed before saving to the database.
(more likely) There is a flaw in the error handling that will allow the email to be sent even if the DB save is in error, such as:
try