I'm currently using ASP.NET 2.0 Forms Authentication on our company customer facing web site.
When a customer activates their account for the first time through the site, their email is populated from the database along with their full name.
After they enter their username, security question, security answer, and password, all these parameters are passed into Membership.CreateUser.
For customers that have a one letter domain email such as kim#q.com or john#k.com, the Membership.CreateUser email validation returns invalid email address and doesn't create the users membership until they enter a valid email address.
Is there a fix our work around for the one letter email validation issue that anyone is aware of? Any bit of advice would be helpful.
Related
I'm using a Firebase phone auth as primary authentication. Since the phone is vulnerable, I want to link an email address to it that the user can use to access his account to change his phone number in case he lost his phone or got stolen. I can't find a way how to do it.
I saw a method currentUser.linkWithPhoneNumber(). However, reading its documentation, it says it is only supported on web platforms. Is there any other way to make this possible?
When you authenticate a user with a phone number, the only data that you have inside the FirebaseUser object when the authentication completes, are the UID and the phone number. If you need to add an email address to an existing account, you can request the user to provide an email address. Once you have that, you can update the email address using the FirebaseUser#updateEmail(String email) function. As soon as the account is updated, you can add any functionality related to that email address.
Since you didn't specify a programming language, I linked that function to the Android docs, but certainly, you can do the same thing in the case of any other programming languages.
upon further reading, i found Email Link Authentication that answered everything i've asked.
Linking/re-authentication with email link You can also link this method of authentication to an existing user. For example a user previously authenticated with another provider, such as a phone number, can add this method of sign-in to their existing account.
https://firebase.google.com/docs/auth/flutter/email-link-auth
We have an ASP.NET application where we need user's email in order to further send them transactional email. We have added Twitter Signup but not getting email address along with access_token.
We have checked twitter documentation and their FAQs for the same but have had no luck so far. The FAQ says that we need to ask for user's email in as a distinct act:
recently I came to a website http://medium.com which asks for email while authentication in it's scope, please refer to the image below:
I'm not sure how do I add email scope to my twitter application. Any help is highly appreciated!
It is not possible to get user's email address from twitter.
This can be made possible by filling out a form to request elevated permissions:
Go to https://support.twitter.com/forms/platform
Select "I need access to special permissions"
Enter Application Name and ID. These can be obtained via
https://apps.twitter.com/ -- the application ID is the numeric part
in the browser's address bar after you click your app.
Permissions Request: "Email address" Submit & wait for response
I'm developing an MVC4/Razor site for which the client requested the ability for users to be able to sign in with Facebook/Google accounts. Fortunately, this is fairly straightforward using Forms authentication.
However, I'm faced with the issue of: what if the user's email address which is returned by the provider matches an existing username?
For example, tim#rocketeerconsulting.com previously exists as a native account. For whatever reason, the user wants to use Facebook to login. Facebook returns that tim#rocketeerconsulting is the user's email address. If the user attempts to create an account using that information, MVC4 will state that the account already exists.
There are a few concerns:
Should users be allowed to merge accounts if an email address provided by an OAuth provider matches an existing account?
This presents a potential security risk. Can I rely on the OAuth provider to confirm that the address is valid? If not, a malicious user can create a Facebook account and then gain access to another user's account.
How should such a thing be implemented, if at all?
I recognize there is a similar question here, but my question pertains specifically to the context of Forms auth in MVC4.
You are right: it's easy to impersonate this way
Indeed, to add more to the problem, not all the OAuth providers give you the user email address (LinedId).
Every OAuth provider use an email address for initial validation, however, the user can have more than one, indeed some encurages you have them as backup.
So the email is not a good 'key' to identify the user.
Probably your solution will be to have a table with your own internal id and the relate this to the OAuth provider unique user identification: some use the email address, others screen name or similar.
This will allow the user to have more than one OAuth validator on your site.
I implemented this with: Linkedin, Twitter, Amazon, Google+, Microsoft and Facebook. Additionaly, our users can use their domain account to login, but this is another story...
I am developing an ASP.NET application.
I implemented Facebook API in my application now I want to access email addresses of my friends on Facebook.
I successfully connected Facebook with my application, but when I use FacebookApi.friends.GetList() it will give only friends userids then I will fire a FQL for each friend userid to access email but some time I got blank instead of email address.
Can someone help.
Which is best way facebook rest API or graph API?
The answer is almost certainly that one of the following is true:
The user hasn't shared an email address with Facebook
The user has placed you in a privacy group they deign to share their email address with
The user has set their privacy settings to not share their email address at all
If any of these are true, there's nothing you can do to resolve this short of asking your friends to change their privacy settings.
You need to ask for permission "email" to access email address of any user using your app, the reason why you are getting some email addresses is because few of Facebook users relatively have less restrictive privacy settings.
i was wondering if any one can advise me on how i can go about implementing a email and account validation feature in my ASP.net website. so when a user creates an account, an email is sent to the email address used, and the user needs to verify that email address to be able to logon.
thanks
Suggested workflow..
Create an account for the user in your database and mark the account as "to be validated"
Produce a random key, maybe a GUID and add it to the users account
Email the random key to the user along with a unique URL, e.g www.myurl.com/validateuser.aspx?userid=45532
To email using asp.net use the system.net.mail namespace - lots of bits on the internet about this.
On validateuser.aspx ask user to enter key sent to them in email.
Check if keys match. If so update db record to "validated"
Edit
By the way, there is a nice answer here on Stack Overflow if you are using forms auth
you can use regular expression of email id check after validation save id in database and and on button behind code of registration write code for sending email using system.net.mail
many email sending function available on internet.
after registeration using coding to check on logon either the email exists in ur database or not.
This is almost a year too late, but for the records you should use the built-in ASP.NET Membership functionality because you get all this (and much more) for free, no need to make e-mail validation logic if it's already made for you is it?
http://msdn.microsoft.com/en-us/library/yh26yfzy.aspx