I am using asp.net mvc 5 with owin security, and I have to create a link which will be sent to users email. And when user clicks on the link, they will be login to the system directly.
I still couldn't figure out how to generate that link with username and password..etc.
Can anyone show some light please.
You don't have to generate a link with the username and the password - definitely you shouldn't (+1 for #mason).
If you need to login users from the link you can generate and store a hash/guid/etc in the db for the user and send a link with the userId and the hash via email. -> sth like: mysite.org/login?userid=123&hash=b89eaac7e61417341b710b727768294d0e6a277b
You can create an action to check if the userId and the hash match the data in the db and login the user.
sth like
var user = HttpContext.GetOwinContext().GetUserManager<ApplicationUserManager>()).FindByIdAsync(userId)
if(user.Hash == hashFromTheLink)
HttpContext.GetOwinContext().Authentication.SignIn(...)
Related
I am making a project. In that project first page is Login page.
In Login page, user'll enter user Id and Password, if match, page will redirect to second page.
In second page there is a hyperlink to go to third page.
In third page I want to show user's all the details like- firstName, lastName, emailId, mobileNumber, password etc.
My doubt is how to carry userId and Password from first page to third Page.
Please Help me.
Thanks in advance.
Save the user name and ID not the password, you don't need to save the password because it's not a good for security.
Go through this, it'll help you.
http://msdn.microsoft.com/en-us/library/system.security.principal.windowsprincipal(v=vs.110).aspx
You can use the WindowsPrincipal class to save the user credential it's save the user name and ID not the password, you don't need to save the password because it's not a good for security.
http://msdn.microsoft.com/en-us/library/system.security.principal.windowsprincipal(v=vs.110).aspx
Use cookies or session , will help you for both authentication and for what u mentioned here
http://www.w3schools.com/ASp/asp_cookies.asp
http://www.codeproject.com/Articles/32545/Exploring-Session-in-ASP-Net
You can store userId in Session or cookie on login success and get it on required page.
Do not store password in session or cookie as it may harmful from security point of view.
I suggest you to refer asp.net state management.
http://www.codeproject.com/Articles/492397/State-Management-in-ASP-NET-Introduction
http://www.codeproject.com/Articles/331962/A-Beginner-s-Tutorial-on-ASP-NET-State-Management
The way you are redirecting to Second Page from Login Page, just redirect directly from Login to Third Page.
Also, while checking login details, if user is an authenticated one, keep User ID in Session, so that you can easily retrieve logged in user's all details using that User ID.
In your login page check username and password is valid or not
if valid then create a session of userid for e.g Session["userid"]=userid
now in your third page you can get users firstname,lastname etc from userid
E.g:
int userid =Convert.ToInt(Session["userid"]);
var userDetails = GetUserInfomationfromid (userid) // here you can get user infomation from userid
if you want to read more about StateManagement in ASP.net
http://www.codeproject.com/Articles/492397/State-Management-in-ASP-NET-Introduction
i was wonder if anyone have or could show me any tutorial on user confirmation email on registration? i've been looking for it for quite some times but no luck with a working one?
thanks a lot in advance
I can only tell you the steps involved in sending email confirmation
1) create database table and add columns you required ie firstname, lastname,VerificationCode, Dob ,active etc for registration
2) create a Registration form and add textboxes against you table
3) on saving form in databse generate Verification code save it in database and in email function
4) Send Email with verification code which was generated as querystring encrypted
5) In login page get verification code and decrypt it and verify with database
6) If verified then redirect the user to login page or else show exception
let me know if you have any questions
there! I have just integrated HWIOAuthBundle with my Symfony2 application, but I would like to permit the user to enter a password, which he will use for my website login beside the email that will be retrieved from facebook before submitting the form that persists the data(email from facebook and password entered by the user) to my database. I would like to let the user submit this form and not do it automatically as it is done now,,Is there a class in the bundle that I could modify or override to achieve this? I hope I made myself clear enough,,Thanks!!
I have a registration-login system on my own website yet I want to add Facebook Connect too. I have some required parts of my user table as:
Username
Password
Email
The first thing that came to my mind is, setting userId as username, userId#facebook.com as email and setting the password to null and check if a record exists with these details in my user table. If not insert a new user with these details, if exists return that user details.
Is this a good design? How should I connect facebook connect to my website?
Thank you
I would suggest you to take this into a more deep ASP.NET, and start an MVC project
then use the Microsoft Facebook API SDK to play around with the API, it's very easy and because they are using the new dynamic type, now that Facebook changed the Open Graph, it will continue to work great as well.
in your login page, add a facebook login button and ask for permissions, for example:
<fb:login-button perms="email" size="medium">
redirect-uri="http://yourdomain.com/FBLogin/"
Subscribe using Facebook</fb:login-button>
in your FBLogin controller, login the user using the FB credentials, if the user uses your normal form, use the normal login
If you create a custom MemberShip Provider, you can easily use that for both accesses... I write a simple start to a custom Membership provider here
My client requirement for the password recovery is,
when user enters his email/username, system will email him a unique link. In users email, when the user will click the link,
system will take the user to the change password page. User will type a new password and his password will be changed.
Any idea how to do this??
Right now the change password page is only accessable for the logged in users. How do I let a user in to the page by a external link click?
This is a kind of a "Password change process":
Create a database table with the userId, createDate, closeDate, and a UUID
send the mail with a link to your page that has the uuid from the prcoess database table
if the user enters the page you check if the process is still open (closeDate is null)
user can change password
you set the closeDate
First check the user Email IF it exists then send him/her a unique email of the link
Example:
link : http:\\www.abc.com\passwordrecovery.aspx?ID="+Guid.NewID()
In this way you will send a unique email to every user also store this ID in the user table so when the user click the link you will be able to verify sender.
On your Password Recovery Page Check the value of Query String variable ID
and matched the ID of the user in the database if they are equal then show the password page of the required user.
Hope you understand it.
In your link use a unique indentifier as the query string. Intercept the params on your page load event and look in the database if there is a match.