i was wonder if anyone have or could show me any tutorial on user confirmation email on registration? i've been looking for it for quite some times but no luck with a working one?
thanks a lot in advance
I can only tell you the steps involved in sending email confirmation
1) create database table and add columns you required ie firstname, lastname,VerificationCode, Dob ,active etc for registration
2) create a Registration form and add textboxes against you table
3) on saving form in databse generate Verification code save it in database and in email function
4) Send Email with verification code which was generated as querystring encrypted
5) In login page get verification code and decrypt it and verify with database
6) If verified then redirect the user to login page or else show exception
let me know if you have any questions
Related
I would like that the user after clicking on the registration link sent via email (after the complete the registration form), log-in automatically without that he must enter your username and password.
How can I do?
Thanks in advance
That is a security issue. You should verify the appropriate person received the email by asking for credentials. At most, you could probably store email in local storage/cookie and retrieve it on the login page. But please dont auto login.
I am using asp.net mvc 5 with owin security, and I have to create a link which will be sent to users email. And when user clicks on the link, they will be login to the system directly.
I still couldn't figure out how to generate that link with username and password..etc.
Can anyone show some light please.
You don't have to generate a link with the username and the password - definitely you shouldn't (+1 for #mason).
If you need to login users from the link you can generate and store a hash/guid/etc in the db for the user and send a link with the userId and the hash via email. -> sth like: mysite.org/login?userid=123&hash=b89eaac7e61417341b710b727768294d0e6a277b
You can create an action to check if the userId and the hash match the data in the db and login the user.
sth like
var user = HttpContext.GetOwinContext().GetUserManager<ApplicationUserManager>()).FindByIdAsync(userId)
if(user.Hash == hashFromTheLink)
HttpContext.GetOwinContext().Authentication.SignIn(...)
My client requirement for the password recovery is,
when user enters his email/username, system will email him a unique link. In users email, when the user will click the link,
system will take the user to the change password page. User will type a new password and his password will be changed.
Any idea how to do this??
Right now the change password page is only accessable for the logged in users. How do I let a user in to the page by a external link click?
This is a kind of a "Password change process":
Create a database table with the userId, createDate, closeDate, and a UUID
send the mail with a link to your page that has the uuid from the prcoess database table
if the user enters the page you check if the process is still open (closeDate is null)
user can change password
you set the closeDate
First check the user Email IF it exists then send him/her a unique email of the link
Example:
link : http:\\www.abc.com\passwordrecovery.aspx?ID="+Guid.NewID()
In this way you will send a unique email to every user also store this ID in the user table so when the user click the link you will be able to verify sender.
On your Password Recovery Page Check the value of Query String variable ID
and matched the ID of the user in the database if they are equal then show the password page of the required user.
Hope you understand it.
In your link use a unique indentifier as the query string. Intercept the params on your page load event and look in the database if there is a match.
I am developing an ASP.Net application that will need to verify that the user is legit and not a spam. Once the new user enters their first name, last name, email address, my application will send an email to verify the user's authenticity. The email would conatin a link that would confirm the users account.
I am looking help on what the logic is behind the email link. Once the user clicks the link, what happens?
I have had a website that has used Captcha, and not had much luck stopping spam (I know you can't stop 100% spam) similar to this Stopping spammers from creating accounts (reCaptcha not doing the trick)
As Rook has pointed out below, the simplest way is to use Captcha.
If you need to verify the email as well though, see below.
You could generate an approval GUID and pass it to the email URL which would mark the User as Active.
For example, add a column called ApprovalID to the users table and generate a new GUID when the user registers, i.e.
You should mark the user as inactive at this stage.
Example Guid 3F2504E0-4F89-11D3-9A0C-0305E82C3301
Then pass the User Id and GUID in the email body
Verify your account
Then a simple page verify.aspx
Code Behind
string UserId = Request[UserId].ToString(); // You can parse these as Guids
string ApprovalId = Request[ApprovalId].ToString();
TODO:
// Get user from database
// Match QueryString ApprovalId to Column ApprovalId
// Ask user to Log In
// Set user as active
Sending a confirmation link doesn't do anything to stop spam. Emailing someone a link with a Cryptographic Nonce just insures that they can receive email, bots can also receive email.
The best way stop spam is by using capthca, and I recocmend using reCapthca. You should prompt the user with a capthca when a user signs up for your service.
i was wondering if any one can advise me on how i can go about implementing a email and account validation feature in my ASP.net website. so when a user creates an account, an email is sent to the email address used, and the user needs to verify that email address to be able to logon.
thanks
Suggested workflow..
Create an account for the user in your database and mark the account as "to be validated"
Produce a random key, maybe a GUID and add it to the users account
Email the random key to the user along with a unique URL, e.g www.myurl.com/validateuser.aspx?userid=45532
To email using asp.net use the system.net.mail namespace - lots of bits on the internet about this.
On validateuser.aspx ask user to enter key sent to them in email.
Check if keys match. If so update db record to "validated"
Edit
By the way, there is a nice answer here on Stack Overflow if you are using forms auth
you can use regular expression of email id check after validation save id in database and and on button behind code of registration write code for sending email using system.net.mail
many email sending function available on internet.
after registeration using coding to check on logon either the email exists in ur database or not.
This is almost a year too late, but for the records you should use the built-in ASP.NET Membership functionality because you get all this (and much more) for free, no need to make e-mail validation logic if it's already made for you is it?
http://msdn.microsoft.com/en-us/library/yh26yfzy.aspx