Home/ Questions/Q 7020107
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-27T23:16:31+00:00

Per Microsoft’s ProfileInfo definition http://msdn.microsoft.com/en-us/library/system.web.profile.profileinfo.aspx , an unauthenticated profileinfo object has a username; naturally

  • 0

Per Microsoft’s ProfileInfo definition http://msdn.microsoft.com/en-us/library/system.web.profile.profileinfo.aspx, an unauthenticated profileinfo object has a username; naturally this must be keyed off of to persist/ reference profile information in a given session (I am assuming it is session-based). I’m guessing this is some guid or something, but I don’t see where this is defined, created, tracked, etc. Can someone point me in the right direction?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Well… The question interested me so I’ve decided to do some research.

    A bit of digging in documentation lead me first to Implementing a Profile Provider MSDN article, where I’ve found the following:

    GetPropertyValues method

    Takes as input a SettingsContext and a SettingsPropertyCollection
    object.

    The SettingsContext provides information about the user. You can use
    the information as a primary key to retrieve profile property
    information for the user. Use the SettingsContext object to get the
    user name and whether the user is authenticated or anonymous.

    So, the determination of whether user is authenticated or not is generally done on higher level. Anyway, I took a look at code of Microsoft’s default SqlProfileProvider implementation (namely, GetPropertyValues method implementation) and found out that it calls method private void GetPropertyValuesFromDatabase(string userName, SettingsPropertyValueCollection svc) which actually has the following code:

    HttpContext context = HttpContext.Current;
...
string sName = null;

if (context != null) 
    sName = (context.Request.IsAuthenticated ? context.User.Identity.Name : context.Request.AnonymousID);

    So, if we have a non-authenticated request then a user id is taken from HttpContext.Current.Request.AnonymousID property. Searching through MSDN for this property has revealed the following page: HttpRequest.AnonymousID property (System.Web). Although it still does not describe exact algorithm of generating this ID, but it provides information on how you can override this default algorithm if you want. All you need is to overload public void AnonymousIdentification_Creating(Object sender, AnonymousIdentificationEventArgs e) method in your web application. Also this page provides some information on how AnonymousID is persisted between calls (by default it’s stored in .ASPXANONYMOUS cookie).

    Example code:

    void Application_Start(Object sender, EventArgs e)
    {
        // Initialize user count property
        Application["UserCount"] = 0;
    }

public void AnonymousIdentification_Creating(Object sender, AnonymousIdentificationEventArgs e)
    {
    // Change the anonymous id
    e.AnonymousID = "mysite.com_Anonymous_User_" + DateTime.Now.Ticks;

    // Increment count of unique anonymous users
    Application["UserCount"] = Int32.Parse(Application["UserCount"].ToString()) + 1;
}

    Summary: I have not been able to answer your original question on HOW this ID is created by default but I think that last code snippet will be enough for you to override this with any algorithm you want.

    • 0