I am having an issue that I can't seem to figure out. Hopefully somebody can point me in the right direction, or give me other ideas to look into. I won't provide much code now because honestly I don't think it's a coding issue.
First, I have an ASP.NET 3.5 web application. I am using ASP.NET Membership libraries for my authentication. The data lies in a SQL Server 2005 database.
My application enables a user to fill out a request that gets saved in the database. The page to fill out a request lies in a subfolder that contains the following web.config file (I want users to be authenticated before they fill out the request):
<?xml version="1.0" encoding="utf-8"?> <configuration> <system.web> <authorization> <deny users="?" /> </authorization> </system.web> </configuration>
A user is required to log on or create a new account to fill out a request. When they submit a request, they get an email verification that it was submitted. The recipient address of this email verification is collected using:
So far this all seems fairly elementary and has worked without a hitch. However, I just receieved a few calls from our users of people who filled out the request and got the email, but the request could not be found in the system. I had them forward me the confirmation emails so I could view the recipient address and find the user in the ASP.NET Membership tables. However, I could not find the user based on the email, and I could find no trace of the Request in the database when I was given details on what they entered.
I have provided no method for users to delete their accounts or delete a request. There is no method to change an email address or edit pertinent data. The database is pretty locked down, with all queries being run through Stored Procedures.
Now, my question is, how in the heck is this possible? The user needs to be authenticated to fill out the request, and I have the confirmation email with the email address which I can't find in the system. The email address is gathered using the the method mentioned above, which to me proves that this user had to exist in the database with the specified email address at one time.
I really have no clue where to proceed from here. Does anybody have an ideas on what to check? I would appreciate any advice as I am stumped, and I can provide any additional info if needed.
Thanks in advance!
Whew, problem solved. The staging address was provided to the end user by the customer and the data was in the staging database. Looks like all of my conspiracy theories about database integrity were false. :-)
Thanks for all the suggestions!