Unwanted sharing of user data is commonly the results of implementing static variables in a web application. Static variables (and the Singleton pattern) creates a single instance of a variable that is accessible by every application user.
Request.GetClientCertificate sometimes returns incorrect information in Web API
I have a .Net 4.6 Web Application running on IIS which reads smart cards to get user information. In the beginning the application was working fine but after a few days other user's card information was showing up for different users. For example someone nowhere near me or associated with me tried to login but my smart card information would show up as though it was read from their card. It is almost like my smart card information is being cached on the server.
This is the code that reads the smart card information.
X509Certificate2 clientCert = new X509Certificate2(Request.GetClientCertificate());
u.Info = clientCert.Subject.ToString();
If I restart IIS the credential that was showing will reset and the correct one will show but the next person will get incorrect information from the smart card
Not sure what I am doing wrong that I am not getting the correct smart card information.
Thank you!!