Sending email verification link to activate profile C#

I would recommend having a field called something like "ActivationToken" and have a GUID generated. You can do this in SQL directly by calling the newid() function, or in C# by calling Guid.NewGuid(). This is a very unique/random value that is next to impossible to brute force.

So when the user registers, you would do something like:

insert into tblUsers (Username, Password, Active, ActivationToken) values ('johndoe', 'mypassword', 0, newid())

The link would be like: http://yoururl.com/Activate.aspx?token={yourActivationGuid}

Update tblUsers set Active=1 where ActivationToken={yourActivationGuid}

If your UserID is already a GUID, you could probably get away with just using that (such as if you're using aspnet_user tables). As for not allowing the login, just check if the Active flag is set to true. If not, disallow the login.

So to validate login you could do:

select * from tblUsers where Username='johndoe' and Password='mypassword' and Active=1
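
The registration and activation steps from the answer above, as an added C# example that is not part of the original answer. It assumes an already open SqlConnection, an ActivationToken column that is a nullable varchar(64), and a password already hashed by the caller; the class and method names are hypothetical. It goes beyond the answer by drawing the token from a cryptographic random number generator instead of a GUID, using parameterized queries, and clearing the token once it has been used.

```csharp
using System;
using System.Data.SqlClient;
using System.Security.Cryptography;
// Added example: class and method names are hypothetical; the table and
// column names are the ones used in the answer above.
public static class AccountActivation
{
    // 32 bytes from the OS CSPRNG, hex-encoded (64 characters, URL-safe).
    public static string NewToken()
    {
        var bytes = new byte[32];
        using (var rng = RandomNumberGenerator.Create())
            rng.GetBytes(bytes);
        return BitConverter.ToString(bytes).Replace("-", "");
    }

    // Registers an inactive user and returns the link to e-mail.
    // Assumption: passwordHash is a salted hash (e.g. PBKDF2), never the plain password.
    public static string Register(SqlConnection conn, string baseUrl,
                                  string username, string passwordHash)
    {
        string token = NewToken();
        const string sql = "insert into tblUsers (Username, Password, Active, ActivationToken) " +
                           "values (@u, @p, 0, @t)";
        using (var cmd = new SqlCommand(sql, conn))
        {
            cmd.Parameters.AddWithValue("@u", username);
            cmd.Parameters.AddWithValue("@p", passwordHash);
            cmd.Parameters.AddWithValue("@t", token);
            cmd.ExecuteNonQuery();
        }
        return baseUrl + "/Activate.aspx?token=" + Uri.EscapeDataString(token);
    }

    // Called from Activate.aspx with Request.QueryString["token"].
    // True only if exactly one inactive account matched; the token is
    // cleared in the same statement so the link cannot be replayed.
    public static bool Activate(SqlConnection conn, string token)
    {
        if (string.IsNullOrEmpty(token) || token.Length != 64) return false;
        const string sql = "update tblUsers set Active = 1, ActivationToken = null " +
                           "where ActivationToken = @t and Active = 0";
        using (var cmd = new SqlCommand(sql, conn))
        {
            cmd.Parameters.AddWithValue("@t", token);
            return cmd.ExecuteNonQuery() == 1;
        }
    }
}
```

The login query keeps the `Active=1` condition from the answer, so an account whose `Activate` call never succeeded cannot sign in.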

Author: Suits999

Updated on July 11, 2022

Comments

  • Suits999
    Suits999 almost 2 years

    I'm currently building a website where people can register and they can have their own pages of content. I have created a custom login page not using the Create User wizard provided in Microsoft Visual Studio 2010. I have a SQL database at the back end with tblUsers, where users who register will be saved. I have my email SMTP settings configured and capable of sending emails using the registering person's email. I have tested this and it works.

    The Problems

    (1) I'm confused as to how I can generate the activation link to be attached and sent with the email.

    (2) How can I program the code to update a field in the SQL table related to the user, e.g. User verified = true, when the user clicks the link sent through the email?

    (3) How can I block the user from being able to log in to the site without going through the verification process? (I am aware this can easily be done by changing a few things on the Create User wizard; however, I created my registration customarily, therefore it runs on a register button click event.) Therefore I can't seem to get my head around how to do it.

    Please try to help me out if possible; I will greatly appreciate it.

  • Suits999
    Suits999 about 11 years
    Would you happen to have any links that would help me further in understanding how to integrate this?
  • Adam Plocher
    Adam Plocher about 11 years
    Sorry I don't. I actually gotta run but I updated my post with some more example code. If you still need help when I return, I'll submit an update.
  • SLaks
    SLaks about 11 years
    Do not store passwords in plain text
  • SLaks
    SLaks about 11 years
    GUIDs are not resistant to brute force. blogs.msdn.com/b/ericlippert/archive/2012/05/07/…
  • Adam Plocher
    Adam Plocher about 11 years
    SLaks, I should have mentioned, that was semi-pseudo code I was posting. Just follow those concepts (how you apply them is up to you), and as SLaks said, don't store passwords in plain text.
  • Subin Jacob
    Subin Jacob about 11 years
    The answer is perfect and well explained. Here, a unique ID is generated for each registration and it will be stored in your database. A link to your confirmation page will be sent to your customer with the unique ID affixed. When the URL is clicked or requested by the user, you can acknowledge him by this unique ID.
  • Suits999
    Suits999 about 11 years
    If there are any examples I could follow, it could be really helpful.
  • Suits999
    Suits999 about 11 years
    Thanks for the help, Adam, but I'm still confused in applying the Guid.NewGuid() function. I'm confused as to how I should implement it without messing up my current code. Therefore, if you can, please put an example if possible. I understand the rest you have explained above, thanks a lot for that.