In this article I will explain how to approve new users created using CreateUserWizard with a confirmation email in ASP.NET
Introduction
In this article first we will configure a CreateUserWizard control using SQLMembersipProvider. Then an SMTP mail setting is configured to send confirmation email to new users registered using this CreateUserWizard control. A user is approved when he clicks the confirmation email sent to his given email address.
Step 1:
Configure a database using SQLMembershipProvider to store user details.
Step 2:
Add a new ASP.NET Web Application using Visual Studio. And add a new Web page “Regester.aspx”. Drag a CreateUserWizard control and set its DisableCreatedUser to “true” to disable any newly created user. He will be activated by sending an activation email to his email. Write following in Web.config file
- Write connection string inside <configuration> tag
<connectionStrings>
<add name="ConString" connectionString="Data source=DEEPAK\SQLSERVER2005; Initial Catalog=Employee; User ID=sa; Password=********;"/>
</connectionStrings>
I have configured “Employee” database using aspnet_regsql command as using Step 1 and stored its connection string in ConString
- Write following inside <system.web> tag
<authentication mode="Forms"/>
<membership defaultProvider="MyMembershipProvider">
<providers>
<add name="MyMembershipProvider"
type="System.Web.Security.SqlMembershipProvider"
connectionStringName="ConString"/>
</providers>
</membership>
Here I have configured Forms authentication using SqlMembershipProvider with above connection string
- Write following inside <system.net> tag
<mailSettings>
<smtp from="deepak.sharma009@gmail.com">
<network host="smtp.gmail.com"
port="25"
userName="deepak.sharma009"
password="*******"/>
</smtp>
</mailSettings>
Here I have set up an SMTP account for sending email. I am using my Gmail account to send confirmation email to new users
Step 3:
- Import following namespaces in Regester.aspx.cs code view
using System.Net; using System.Net.Mail; using System.Configuration; using System.Data.SqlClient;
- Declare following variables inside class the declaration
string Email, ConString, ActivationUrl; MailMessage message; SmtpClient smtp;
- Write following code in SendingMail event of CreateUserWizard
protected void CreateUserWizard1_SendingMail(object sender, MailMessageEventArgs e)
{
e.Cancel = true;
message = new MailMessage();
Email = CreateUserWizard1.Email;
message.To.Add(Email.Trim());
message.Subject = "Email confirmation!";
ActivationUrl=Server.HtmlEncode("http://localhost:49161/ActivateUsers.aspx?UserID="+GetUserID(CreateUserWizard1.Email)+"&Email="+CreateUserWizard1.Email);
message.Body = "Hi "+CreateUserWizard1.UserName+"!\n"+
"Welcome to deepak-sharma.net!"+
"Please <a href='"+ActivationUrl+"'>click</a> here to activate your account. \nThanks!";
message.IsBodyHtml = true;
SmtpClient smtpClient = new SmtpClient();
smtpClient.EnableSsl = true;
smtpClient.Send(message);
}
SendingMail event of CreateUserWizard is fired before an email is send to the new regestered user. e.Cancel property is set to true to override default SendingMail event and set our own properties to send email. Then a MailMessage object is created and To, Subject, and Body property is set to send email to the regiesered user.
SmtpClient object is created for enabling SSL connection because Gmail SMTP uses SSL encryption. If this property is not set you will get System.Net.Mail.SmtpException exception. SmtpClient.Send method is used to send the mail which takes MailMessage as a parameter.
An actication url is created by adding two query strings to ActivateUsers.aspx page. First query string is UserID which is a Guid that is inserted in the “aspnet_Membership” table as its UserID and second query string is user’s email. This url is send to the user in an email. When the user clicks on this url, he redirects to “ActicateUsers.aspx” page. On the load event of “ActivateUsers.aspx” page UserID and Email is validated and its IsApproved field is set to true to activate the user if UserID and Email matches.
User get email confirmation in following format:
Hi deepak!
Welcome to deepak-sharma.net! Please click here to activate your account.
- Write function to get user id of given email
private string GetUserID(string Email)
{
string ConString = ConfigurationManager.ConnectionStrings["ConString"].ConnectionString;
SqlConnection con = new SqlConnection(ConString);
SqlCommand cmd=new SqlCommand("SELECT UserId FROM aspnet_Membership WHERE email=@Email", con);
cmd.Parameters.AddWithValue("@Email", Email);
con.Open();
string UserID = cmd.ExecuteScalar().ToString();
con.Close();
return UserID;
}
Step 3:
Create a new Web page “ActivateUsers.aspx” and write following code in its load event
string ConString = ConfigurationManager.ConnectionStrings["ConString"].ConnectionString;
string Email, UserID;
int i=0;
if ((Request.QueryString["UserID"] != null) & (Request.QueryString["Email"] != null))
{
UserID = Request.QueryString["UserID"];
Email = Request.QueryString["Email"];
SqlConnection con = new SqlConnection(ConString);
SqlCommand cmd = new SqlCommand("UPDATE aspnet_Membership SET IsApproved=1 WHERE UserID=@UserID AND Email=@Email", con);
cmd.Parameters.AddWithValue("@UserID", UserID);
cmd.Parameters.AddWithValue("@Email", Email);
con.Open();
i = cmd.ExecuteNonQuery();
con.Close();
}
if (i > 0)
{
Response.Write("Thanks for activation. You can login now!");
Response.Write("<a href='Login.aspx'>Login</a>");
}
This page is called to when the user clicks on the activation mail. When DisableCreatedUser property of CreateUserWizard is set to true, IsApproved field is set to 0 to disable the user. When UserID and Email of query strings is matched int the load event of this page, IsApproved field is set to 1 to enable the user.
Filed under: .Net, ASP.NET
