Creating an activation link for an account

Collapse
This topic is closed.
X
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • Andy B
    #1

    Creating an activation link for an account

    I am working on a mailing list service for our company. One of the
    requirements is that when a person signs up for a mailing list through the
    website they have to activate their subscription through a link sent to them
    in an email. How would I do something like this? The db being used is sql
    server 2005 express.



    Tags: None
    • Cowboy \(Gregory A. Beamer\)
      #2
      Re: Creating an activation link for an account

      When the person creates the account, create a GUID for the user. The easiest
      way, in SQL Server (Express or otherwise) is to set a column up with
      IsRowGuid = true. You will also want a column named IsConfirmed as a bit and
      defaulted to 0. Something like:

      ALTER TABLE Users
      ADD
      [ConfirmId] [uniqueidentifie r] ROWGUIDCOL NOT NULL CONSTRAINT
      [DF_Users_Confir mId] DEFAULT (newid()),
      [IsConfirmed] [bit] NOT NULL CONSTRAINT [DF_Users_IsConf irmed] DEFAULT
      ((0))


      Then send an email with a link like this:
      http://www.yourcompany .com/confirm.aspx?id ={the_guid_here }

      When they click on the link, you have code that updates IsConfirmed to 1
      (true). You then have to alter the logon mechanism to respect that field. If
      you are using ASP.NET Membership, create a custom membership provider rather
      than whack any bits Microsoft created. As a personal note: There is nothing
      more aggrevating, as a consultant, than coming in and finding that the
      errors you are experiencing are due to someone whacking standard bits rather
      than deriving their own classes. In addition, these whack jobs are rarely
      documented, so they can cause great pain to the company when they have to
      move the application to another server or get new developers on it years
      later.

      --
      Gregory A. Beamer
      MVP, MCP: +I, SE, SD, DBA

      Subscribe to my blog
      WordPress.com
      http://gregorybeamer.spaces.live.com/lists/feed.rss
      276


      or just read it:
      Stop Making Sense
      http://gregorybeamer.spaces.live.com/
      Just another WordPress.com site


      *************** *************** **************
      | Think outside the box! |
      *************** *************** **************
      "Andy B" <a_borka@sbcglo bal.netwrote in message
      news:%23v5aSuj8 IHA.3848@TK2MSF TNGP05.phx.gbl. ..
      >I am working on a mailing list service for our company. One of the
      >requirements is that when a person signs up for a mailing list through the
      >website they have to activate their subscription through a link sent to
      >them in an email. How would I do something like this? The db being used is
      >sql server 2005 express.
      >
      >
      >

        Comment

        • Mark Rae [MVP]
          #3
          Re: Creating an activation link for an account

          "Andy B" <a_borka@sbcglo bal.netwrote in message
          news:%23v5aSuj8 IHA.3848@TK2MSF TNGP05.phx.gbl. ..
          I am working on a mailing list service for our company. One of the
          requirements is that when a person signs up for a mailing list through the
          website they have to activate their subscription through a link sent to
          them in an email. How would I do something like this? The db being used is
          sql server 2005 express.
          Several ways, depending on how "secure" this needs to be...

          Often, people simply generate a unique identifier based on the email address
          to be verified and append that to a URL e.g.

          mywebsite.com - This website is for sale! - mywebsite Resources and Information.
          http://www.mywebsite.com/confirm.aspx?ID=a_borka@sbcglobal.net
          This website is for sale! mywebsite.com is your first and best source for all of the information you’re looking for. From general topics to more of what you would expect to find here, mywebsite.com has it all. We hope you find what you are searching for!


          As you can see, not particularly secure, since it's perfectly obvious what
          the above URL means...

          Therefore, the querystring is commonly encrypted in some way (do a Google
          for .NET and cryptography for literally thousands of examples of how to do
          encryption / decryption with the .NET Framework) e.g.

          mywebsite.com - This website is for sale! - mywebsite Resources and Information.
          http://www.mywebsite.com/confirm.aspx?JMru5GaNhubZ3bgPB3/vUEcrD/aNXuj1
          This website is for sale! mywebsite.com is your first and best source for all of the information you’re looking for. From general topics to more of what you would expect to find here, mywebsite.com has it all. We hope you find what you are searching for!


          Then, when your website receives the above HttpRequest, it simply decrypts
          the entire Request.QuerySt ring.ToString() value and looks it up against your
          database.

          You could further refine this process by rejecting any activation requests
          older than a certain amount of time etc...


          --
          Mark Rae
          ASP.NET MVP
          Mark Rae - JavaScript Disabled
          http://www.markrae.net


            Comment

            • Andy B
              #4
              Re: Creating an activation link for an account

              Ill look into it and see how it goes. I wont be using the standard
              membership providers for the mailing list service and I am going to be
              revamping the website this off season anyways so can make some better
              improvements along with another major project I have to do.


              "Cowboy (Gregory A. Beamer)" <NoSpamMgbworld @comcast.netNoS pamMwrote in
              message news:OMEca9j8IH A.3724@TK2MSFTN GP03.phx.gbl...
              When the person creates the account, create a GUID for the user. The
              easiest way, in SQL Server (Express or otherwise) is to set a column up
              with IsRowGuid = true. You will also want a column named IsConfirmed as a
              bit and defaulted to 0. Something like:
              >
              ALTER TABLE Users
              ADD
              [ConfirmId] [uniqueidentifie r] ROWGUIDCOL NOT NULL CONSTRAINT
              [DF_Users_Confir mId] DEFAULT (newid()),
              [IsConfirmed] [bit] NOT NULL CONSTRAINT [DF_Users_IsConf irmed] DEFAULT
              ((0))
              >
              >
              Then send an email with a link like this:
              http://www.yourcompany .com/confirm.aspx?id ={the_guid_here }
              >
              When they click on the link, you have code that updates IsConfirmed to 1
              (true). You then have to alter the logon mechanism to respect that field.
              If you are using ASP.NET Membership, create a custom membership provider
              rather than whack any bits Microsoft created. As a personal note: There is
              nothing more aggrevating, as a consultant, than coming in and finding that
              the errors you are experiencing are due to someone whacking standard bits
              rather than deriving their own classes. In addition, these whack jobs are
              rarely documented, so they can cause great pain to the company when they
              have to move the application to another server or get new developers on it
              years later.
              >
              --
              Gregory A. Beamer
              MVP, MCP: +I, SE, SD, DBA
              >
              Subscribe to my blog
              WordPress.com
              http://gregorybeamer.spaces.live.com/lists/feed.rss
              276

              >
              or just read it:
              Stop Making Sense
              http://gregorybeamer.spaces.live.com/
              Just another WordPress.com site

              >
              *************** *************** **************
              | Think outside the box! |
              *************** *************** **************
              "Andy B" <a_borka@sbcglo bal.netwrote in message
              news:%23v5aSuj8 IHA.3848@TK2MSF TNGP05.phx.gbl. ..
              >>I am working on a mailing list service for our company. One of the
              >>requirement s is that when a person signs up for a mailing list through the
              >>website they have to activate their subscription through a link sent to
              >>them in an email. How would I do something like this? The db being used is
              >>sql server 2005 express.
              >>
              >>
              >>
              >

                Comment

                Previous template Next
                Working...