Clever Geek Handbook

How can I check if the "User" has an E-mail confirmation inside an ASP.NET (web form) id?

On my login page, I want to implement a system where if a user exists but does not have a verified email ( IsEmailConfirmed

), the user needs to confirm / confirm an email.

I have no problem resending the verification code, my problem is where to put the instruction and how to make sure that users enter the correct username and password (users must be valid).

Login (code behind)

protected void LogIn(object sender, EventArgs e)
{
  // Validate the user password
  var manager = Context.GetOwinContext().GetUserManager<ApplicationUserManager>();
  var signinManager = Context.GetOwinContext().GetUserManager<ApplicationSignInManager>();

  // Require the user to have a confirmed email before they can log on.
  var user = manager.FindByName(username.Text);

  if (IsValid)
   {
    if (user != null)
     {
      // This doen't count login failures towards account lockout
      // To enable password failures to trigger lockout, change to shouldLockout: true
      var result = signinManager.PasswordSignIn(username.Text, Password.Text, RememberMe.Checked, shouldLockout: true);

      switch (result)
       {
        case SignInStatus.Success:
        IdentityHelper.RedirectToReturnUrl(Request.QueryString["ReturnUrl"], 
                                                           Response);
        break;

        case SignInStatus.LockedOut:
         //Response.Redirect("/Account/Lockout");    
         FailureText.Text = "This account has been locked out, please try again later.";
         ErrorMessage.Visible = true;
         return;

        case SignInStatus.RequiresVerification:
          Response.Redirect(String.Format("/Account/TwoFactorAuthenticationSignIn?ReturnUrl={0}&RememberMe={1}",
          Request.QueryString["ReturnUrl"],
          RememberMe.Checked),
          true);
          break;

         case SignInStatus.Failure:
         default:
          FailureText.Text = "Invalid login attempt";
          ErrorMessage.Visible = true;
          break;    
          }   
        }
      }    
  else
  {
     FailureText.Text = "Account not found.";
     ErrorMessage.Visible = true;
  }

  //else if (IsValid & !manager.IsEmailConfirmed(user.Id))
  //{
     //    ScriptManager.RegisterStartupScript(this, this.GetType(), "LaunchServerSide", "$(function() { OpenLoginModal(); });", true);
        //    LoginModalTitle.Text = "Account Verification".ToUpper();
        //    LoginModalDetails.Text = "You must have a confirmed email account.";
        //    //ErrorMessage.Visible = true;
        //    //ResendConfirm.Visible = true;
        //}
 }

I appreciate your efforts to achieve a solution to my problem.

+3


source to share


2 answers


If I understand correctly, do you want to make sure both the username and password are correct before we check if the account is active?



protected void LogIn(object sender, EventArgs e)
{
    var manager = Context.GetOwinContext().GetUserManager<ApplicationUserManager>();
    var signinManager = Context.GetOwinContext().GetUserManager<ApplicationSignInManager>();
    var user = manager.FindByName(username.Text);

    if (IsValid)
    {
        if (user != null)
        {
            var result = signinManager.PasswordSignIn(username.Text, Password.Text, RememberMe.Checked, shouldLockout: true);

            // If username and password is correct check if account is activated.
            if(!user.EmailConfirmed && result == SignInStatus.Success)
            {
                FailureText.Text = "Invalid login attempt. You must have a confirmed email account.";
                ErrorMessage.Visible = true;
                return;
            }        

            switch (result)
            {
                case SignInStatus.Success:
                    IdentityHelper.RedirectToReturnUrl(Request.QueryString["ReturnUrl"], 
                                                           Response);
                    break;
                case SignInStatus.LockedOut:
                    //Response.Redirect("/Account/Lockout");    
                    FailureText.Text = "This account has been locked out, please try again later.";
                    ErrorMessage.Visible = true;
                    return;

                case SignInStatus.RequiresVerification:
                    Response.Redirect(String.Format("/Account/TwoFactorAuthenticationSignIn?ReturnUrl={0}&RememberMe={1}",
                                                    Request.QueryString["ReturnUrl"],
                                                    RememberMe.Checked),
                                                    true);
                    break;
                case SignInStatus.Failure:
                default:
                    FailureText.Text = "Invalid login attempt";
                    ErrorMessage.Visible = true;
                    break;    
            }                
        }    
        else
        {
            FailureText.Text = "Account not found.";
            ErrorMessage.Visible = true;
        }
    }
}
+2


source


Slight modification required to check if the user is verified. You need to check the property IsEmailConfirmed

to see if the user has verified the account or not.

This article explains the flow and how to do it pretty nicely. Below is a snippet from this article.



    var user = manager.FindByName(Email.Text);
    if (user != null)
    {
        if (!user.EmailConfirmed)
        {
            FailureText.Text = "Invalid login attempt. You must have a confirmed email address. Enter your email and password, then press 'Resend Confirmation'.";
            ErrorMessage.Visible = true;
            ResendConfirm.Visible = true;
        }
        else
        {
             // your other logic goes here if the user is confirmed.
             ....
        }
    }
    else 
    {
        // user does not exist.
    }
+1


source






More articles:


All Articles