This is something that a lot of sites have to verify that the user’s e-mail is valid and seems like it would be complex, but there is a very easy way to do it. This is going to be a 2 part series, maybe a 3rd still thinking about it. First, I will give you the resources to learn about and setup the asp.net membership system and explain the concept of how we are going to activate the account. Part 2 will be a re-explanation along with code.
I wanted to actually explain all the steps to doing the membership system setup, but I just can’t beat 4guysfromrolla.com. Here are the links to there multi-part series on most everything about the membership system. I use it every time I need to get started with the membership system.
Examining ASP.NET 2.0’s Membership, Roles, and Profile:
Part 1 – learn about how the membership features make providing user accounts on your website a breeze. This article covers the basics of membership, including why it is needed, along with a look at the
SqlMembershipProviderand the security Web controls.
Part 2 – master how to create roles and assign users to roles. This article shows how to setup roles, using role-based authorization, and displaying output on a page depending upon the visitor’s roles. Part 3 – see how to add the membership-related schemas to an existing database using the ASP.NET SQL Server Registration Tool (
Part 4 – improve the login experience by showing more informative messages for users who log on with invalid credentials; also, see how to keep a log of invalid login attempts. Part 5 – learn how to customize the Login control. Adjust its appearance using properties and templates; customize the authentication logic to include a CAPTCHA. Part 6 – capture additional user-specific information using the Profile system. Learn about the built-in
Part 7 – the Membership, Roles, and Profile systems are all build using the provider model, which allows for their implementations to be highly customized. Learn how to create a custom Profile provider that persists user-specific settings to XML files. Part 8 – learn how to use the Microsoft Access-based providers for the Membership, Roles, and Profile systems. With these providers, you can use an Access database instead of SQL Server. Part 9 – when working with Membership, you have the option of using .NET’s APIs or working directly with the specified provider. This article examines the pros and cons of both approaches and examines the SqlMembershipProvider in more detail.
Email Activation Concept
The overall concept is fairly simple. You register then receive an e-mail that you have registered along with an activation URL. When you click on the URL it goes to the site and activates your account proving that you are real and there is a real e-mail address.
The easiest way to do this is the following.
- User Registers
- Once registration guid is created
- guid is put into a table associated with a username
- E-Mail is sent to user with a url based on the GUID something like ( http://example.com/Activate.aspx?key=1234-1234-1234 )
- User Opens Email and click link
- Person comes to activation page
- Activation page reads querystring and associates the string with guid in db. If a match executes code to “approve” account for use
- User can login.
There are a few key things:
- You need an association table. Something that will hold the guid and username for later verification.
- Create the GUID and get username _after_ account has been created and commit to above table.
- Build the activation URL and Send the e-mail
- On the activation page read the query string and find association in association table and retrieve the username if association exists between username and guid.
- if a username is returned call the membership api and activate the account.
Remember though that when building the site be sure to set the property where when the user registers the account is not automatically approved.
This is a very useful and needed feature in some respects and highly used. The concept is fairly simple and with the membership system it continues to stay fairly simple. Please feel free to try this on your own and report back any issues you came across and how you overcame them.
I will post part to in a couple of days. I am hoping on Sunday as a present to you all on my Birthday though we will see how that turns out.