aspx registration page + Email authentication
-
Hi, A while back I saw a nice walkthrough of a registration page that registers a user using Memberships and roles classes. I also provided email authentication, whereby a user can authenticate his registered account via email authentication. The basic concept was to use the ID provided by the Membership classes, and append this info to a link emailed to the user. Hence, data is basically passed in the link. On the page load, this user was basically enabled via the data passed. So basically you'll have a link like:
http://localhost/Authenticate.aspx?User=xxxx-xxxx-xxxx-xxxx-xxxx-xxxx
and when you receive this link, you basically get the value xxxx-xxxx-xxxx-xxxx-xxxx-xxxx, and enable the user. (Like this)
ActivateUser(Request.QueryString["User"].ToString())
where ActivateUser is a function that accepts the UserID and activates that user. I know all this sounds dodgy, because you parse the user id, but there is NO way for the user to know that ID, and for him to guess it, he needs to guess millions and millions of times... Can someone perhaps give me a link to a tutorial like this? Kind regards, Hugo Human.
-
Erhm, what tutorial do you want? Do you want the code written for you so you only have to implement it yourself or something like that? The idea of what you want seems to be pretty straightforward and quite easy to do. We can help you if you have questions about code or something like that, however we're not going to develop your application.
.: I love it when a plan comes together :. http://www.zonderpunt.nl
-
aahh... thanks, that's a good one! This is what I did...
// Requires: using System.Net; using System.Net.Mail; using System.Web.Security;
protected void PostRegister_Click1(object sender, EventArgs e)
{
    if (!(String.IsNullOrEmpty(UserName.Text) || String.IsNullOrEmpty(RegisterBox.Text)))
    {
        MembershipUser user = Membership.GetUser(UserName.Text.ToString());
        if (user == null)
        {
            // Create the account disabled; the confirmation page enables it.
            // Note: every account is created with the same hard-coded password.
            user = Membership.CreateUser(UserName.Text.ToString(), "gendac!@#", RegisterBox.Text.ToString());
            user.IsApproved = false;
            Membership.UpdateUser(user);
        }
        else
            return; //TODO, error

        String email = RegisterBox.Text.ToString();
        // The link carries the account's ProviderUserKey (a GUID) as the only secret.
        string link = "http://localhost:32781/" + "Confirmation.aspx?UserID=" + user.ProviderUserKey.ToString(); // TODO: Make dynamic
        try
        {
            //create the mail message
            System.Net.Mail.MailMessage mail = new System.Net.Mail.MailMessage();
            //set the addresses
            mail.From = new MailAddress("hugo@gendac.co.za");
            mail.To.Add(email);
            //set the content
            mail.Subject = "Click the link to register.";
            mail.Body = link;
            //send the message
            SmtpClient smtp = new SmtpClient("127.0.0.1"); // Make dynamic
            //to authenticate we set the username and password properties on the SmtpClient
            smtp.Credentials = new NetworkCredential("hugo", "blaaaaa");
            smtp.Send(mail);
        }
        catch (Exception ex)
        {
            System.Diagnostics.Trace.WriteLine(ex.Message);
        }
    }
}
and then to confirm
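using System;
using System.Web.Security;

public partial class Confirmation : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // QueryString[...] returns null when the parameter is absent, and a
        // malformed value must not reach the Guid parser unchecked, so both
        // cases are rejected before the lookup (Guid.TryParse needs .NET 4.0+).
        string userKey = Request.QueryString["UserID"];
        Guid guid;
        if (!String.IsNullOrEmpty(userKey) && Guid.TryParse(userKey, out guid))
        {
            MembershipUser user = Membership.GetUser(guid);
            if (user != null)
            {
                user.IsApproved = true;
                Membership.UpdateUser(user);
                Message.Text = String.Format("Welcome {0}, you are now registered", user.UserName);
            }
            else
                Message.Text = "Invalid user ID";
        }
        else
            Message.Text = "Invalid user ID";
    }
}
Seems to work fine .... do you guys see any loopholes...?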
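
Added example, not part of the thread or the posters' code: the link above uses the account's ProviderUserKey as its only secret, so the value never expires and doubles as a database key. One common alternative is an HMAC-signed token that binds the user ID to an expiry time; `ConfirmationToken`, `Create` and `TryValidate` are hypothetical names, and `key` is assumed to be a random server-side secret loaded from protected configuration.

```csharp
using System;
using System.Security.Cryptography;

// Added example; ConfirmationToken, Create and TryValidate are hypothetical names.
// Token layout: base64url( userId[16] || expiryTicks[8] || HMAC-SHA256[32] ).
public static class ConfirmationToken
{
    public static string Create(Guid userId, DateTime expiresUtc, byte[] key)
    {
        byte[] token = new byte[56];
        Buffer.BlockCopy(userId.ToByteArray(), 0, token, 0, 16);
        Buffer.BlockCopy(BitConverter.GetBytes(expiresUtc.Ticks), 0, token, 16, 8);
        using (HMACSHA256 hmac = new HMACSHA256(key))
        {
            // The MAC covers both the user ID and the expiry time.
            byte[] mac = hmac.ComputeHash(token, 0, 24);
            Buffer.BlockCopy(mac, 0, token, 24, 32);
        }
        // URL-safe alphabet so the value survives the query string unchanged.
        return Convert.ToBase64String(token).TrimEnd('=').Replace('+', '-').Replace('/', '_');
    }

    public static bool TryValidate(string token, byte[] key, DateTime nowUtc, out Guid userId)
    {
        userId = Guid.Empty;
        // 56 bytes always encode to 75 base64 characters plus one '='.
        if (token == null || token.Length != 75) return false;
        byte[] raw;
        try { raw = Convert.FromBase64String(token.Replace('-', '+').Replace('_', '/') + "="); }
        catch (FormatException) { return false; }
        if (raw.Length != 56) return false;

        byte[] mac;
        using (HMACSHA256 hmac = new HMACSHA256(key))
            mac = hmac.ComputeHash(raw, 0, 24);
        // Compare every byte so timing does not reveal how much of the MAC matched.
        int diff = 0;
        for (int i = 0; i < 32; i++) diff |= mac[i] ^ raw[24 + i];
        if (diff != 0) return false;

        // Only trust the fields after the MAC has been verified.
        if (BitConverter.ToInt64(raw, 16) < nowUtc.Ticks) return false;
        byte[] id = new byte[16];
        Buffer.BlockCopy(raw, 0, id, 0, 16);
        userId = new Guid(id);
        return true;
    }
}
```

The registration handler would mail `Create(...)` in the link instead of the raw key, and the confirmation page would call `TryValidate` before `Membership.GetUser`, refusing accounts that are already approved so a link works only once.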