peter,

the way i'd work this one would be to have a 'proper' temporary user table which contains:

userid (from membership table)
uniqueguid (NOT the aspnet membership guid, rather set in code at time of membership request)
requestdatetime (getutcdatetime at time of request)

then, when the user clicks on the link (in the email), the temporary guid is looked up, which in turn finds the userid. using the userid, you can then set the IsApproved flag on the table to True and delete the row from the temporary user table. housekeeping could be performed on the database on a weekly basis and any rows in the temporary user table that were older than (say a week) a defined period could be joined with the membership table and rows from both tables removed.

just my scots 2 pence worth!! [:d]

jimi

http://www.originaltalent.com

Hi again Jim,

I did mean a "real" table instead of an actual temporary table. Poor choice of words there. I'd probably end up calling it something like "tmp_UsersNotApproved" or something like that.

I also decided I wanted a GUID of my own, as well as include the e-mail address in the URL, to add some extra security. I'v so far just stripped the profile update as part of the registration process (users can always use the "edit profile" link later on if they want), and I guess I have no choice but to also remove the automatic e-mail (through the txt file) that's included in the Wizard as Marco uses it.

The same link about the mail verification also has another link about requiring users to verify their e-mail address AGAIN if they opt to change their address, which I think I will also be adding.

As for the datagrid, on the asp.net forums there's an http://forums.asp.net/t/1012442.aspx extension of the GridView, that allows multi-column sorting, a static header, and some other nice to have functionality (which ought to save up on licenses for Telerik components :D

Cheers,

Peter

http://entropia-online.blogspot.com/

I succesfully managed to implement a GUID into an E-mail last night. I was using some local MSDN installation that contained an error, which caused me to bang my head against the desk for two nights straight.

(For those interested, the article I used to base my code on dealt with the SendingMail event. I tried putting breakpoints on it, but never saw it jump in. This lead me to believe something went wrong and the event wasn't triggered (but it was). I finally found a post somewhere referring to the same MSDN article, but this time with correct code. Where the article I printed contained e.Message.Body.Replace, the correct syntax is of course e.Message.Body = e.Message.Body.Replace. Once I figured that out, I tried again, and this time saw that indeed the URL including the GUID had replaced my <%link%> placeholder. The event *still* didn't seem to fire though, as my code never even bothered jumping to debug mode).

I also decided to move the Membership tables from the ASPNETDB to my own database. That all went well, until I tried registering a new user, and ran into an error stating I needed at least 7 characters, including a non-alphanumeric one. I think I found a solution (which is removing the existing MemberShipProvider, before declaring the one Marco uses), but I'll have to wait until tonight before I can test that.

Reason for migrating the database tables is that I bought one SQL database at my webhost, and I want to use single-sign on for the whole eventual website (which will include wiki-like sections and what not).

I think the easiest way to share these things is by just copy/pasting the files used in the solution into a ZIP and uploading that to my google group. That way you can see what I ended up tweaking, and perhaps can use it to your advantage :)).


http://entropia-online.blogspot.com/

As an update, this weekend I succesfully finished work on both Email + link verification, adding a Captcha to the registration process.

The Captcha I ended up using is a fullblown control. I did some tweaking to it in order for it to blend into the Register page (like expanding its inputbox's width, and adding dashed borders to it).

As for the E-mailing, I basically stripped the Profile bits out of the CreateUserWizard, added a sendingmail event to the wizard, and had the code for the event generate a GUID. I also ensured the CreateUserWizard would not automatically enable the users (a boolean flag).

The GUID along with the e-mail address are parsed into a link which leads to my activation page. A stored procedure, at the same time (for now I'm just using a localised Sqlcommand in the page, rather than extending the existing DAL class) inserts the GUID, the Email address, and the current system time into a temporary table.

When the user clicks the link, they will be heading to the Activation page, which contains two textboxes; one for the GUID and one for the E-mail address. On the PageLoad event, if the querystring contains the GUID and the E-mail address, the user will automatically be activated. Otherwise, this will happen when the user enters the values into the textboxes. (this is again done with a stored procedure).

When the activation is succesful, the user is then automatically refered to the rules of the site. :)

Hope someone else can use this info :)

Cheers,

Peter

http://entropia-online.blogspot.com/