By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
443,837 Members | 1,842 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 443,837 IT Pros & Developers. It's quick & easy.

Creating an activation link for an account

P: n/a
I am working on a mailing list service for our company. One of the
requirements is that when a person signs up for a mailing list through the
website they have to activate their subscription through a link sent to them
in an email. How would I do something like this? The db being used is sql
server 2005 express.

Jul 30 '08 #1
Share this Question
Share on Google+
3 Replies


P: n/a
When the person creates the account, create a GUID for the user. The easiest
way, in SQL Server (Express or otherwise) is to set a column up with
IsRowGuid = true. You will also want a column named IsConfirmed as a bit and
defaulted to 0. Something like:

ALTER TABLE Users
ADD
[ConfirmId] [uniqueidentifier] ROWGUIDCOL NOT NULL CONSTRAINT
[DF_Users_ConfirmId] DEFAULT (newid()),
[IsConfirmed] [bit] NOT NULL CONSTRAINT [DF_Users_IsConfirmed] DEFAULT
((0))
Then send an email with a link like this:
http://www.yourcompany.com/confirm.aspx?id={the_guid_here}

When they click on the link, you have code that updates IsConfirmed to 1
(true). You then have to alter the logon mechanism to respect that field. If
you are using ASP.NET Membership, create a custom membership provider rather
than whack any bits Microsoft created. As a personal note: There is nothing
more aggrevating, as a consultant, than coming in and finding that the
errors you are experiencing are due to someone whacking standard bits rather
than deriving their own classes. In addition, these whack jobs are rarely
documented, so they can cause great pain to the company when they have to
move the application to another server or get new developers on it years
later.

--
Gregory A. Beamer
MVP, MCP: +I, SE, SD, DBA

Subscribe to my blog
http://gregorybeamer.spaces.live.com/lists/feed.rss

or just read it:
http://gregorybeamer.spaces.live.com/

********************************************
| Think outside the box! |
********************************************
"Andy B" <a_*****@sbcglobal.netwrote in message
news:%2****************@TK2MSFTNGP05.phx.gbl...
>I am working on a mailing list service for our company. One of the
requirements is that when a person signs up for a mailing list through the
website they have to activate their subscription through a link sent to
them in an email. How would I do something like this? The db being used is
sql server 2005 express.
Jul 30 '08 #2

P: n/a
"Andy B" <a_*****@sbcglobal.netwrote in message
news:%2****************@TK2MSFTNGP05.phx.gbl...
I am working on a mailing list service for our company. One of the
requirements is that when a person signs up for a mailing list through the
website they have to activate their subscription through a link sent to
them in an email. How would I do something like this? The db being used is
sql server 2005 express.
Several ways, depending on how "secure" this needs to be...

Often, people simply generate a unique identifier based on the email address
to be verified and append that to a URL e.g.

http://www.mywebsite.com/co*********...@sbcglobal.net

As you can see, not particularly secure, since it's perfectly obvious what
the above URL means...

Therefore, the querystring is commonly encrypted in some way (do a Google
for .NET and cryptography for literally thousands of examples of how to do
encryption / decryption with the .NET Framework) e.g.

http://www.mywebsite.com/confirm.asp.../vUEcrD/aNXuj1

Then, when your website receives the above HttpRequest, it simply decrypts
the entire Request.QueryString.ToString() value and looks it up against your
database.

You could further refine this process by rejecting any activation requests
older than a certain amount of time etc...
--
Mark Rae
ASP.NET MVP
http://www.markrae.net

Jul 30 '08 #3

P: n/a
Ill look into it and see how it goes. I wont be using the standard
membership providers for the mailing list service and I am going to be
revamping the website this off season anyways so can make some better
improvements along with another major project I have to do.
"Cowboy (Gregory A. Beamer)" <No************@comcast.netNoSpamMwrote in
message news:OM**************@TK2MSFTNGP03.phx.gbl...
When the person creates the account, create a GUID for the user. The
easiest way, in SQL Server (Express or otherwise) is to set a column up
with IsRowGuid = true. You will also want a column named IsConfirmed as a
bit and defaulted to 0. Something like:

ALTER TABLE Users
ADD
[ConfirmId] [uniqueidentifier] ROWGUIDCOL NOT NULL CONSTRAINT
[DF_Users_ConfirmId] DEFAULT (newid()),
[IsConfirmed] [bit] NOT NULL CONSTRAINT [DF_Users_IsConfirmed] DEFAULT
((0))
Then send an email with a link like this:
http://www.yourcompany.com/confirm.aspx?id={the_guid_here}

When they click on the link, you have code that updates IsConfirmed to 1
(true). You then have to alter the logon mechanism to respect that field.
If you are using ASP.NET Membership, create a custom membership provider
rather than whack any bits Microsoft created. As a personal note: There is
nothing more aggrevating, as a consultant, than coming in and finding that
the errors you are experiencing are due to someone whacking standard bits
rather than deriving their own classes. In addition, these whack jobs are
rarely documented, so they can cause great pain to the company when they
have to move the application to another server or get new developers on it
years later.

--
Gregory A. Beamer
MVP, MCP: +I, SE, SD, DBA

Subscribe to my blog
http://gregorybeamer.spaces.live.com/lists/feed.rss

or just read it:
http://gregorybeamer.spaces.live.com/

********************************************
| Think outside the box! |
********************************************
"Andy B" <a_*****@sbcglobal.netwrote in message
news:%2****************@TK2MSFTNGP05.phx.gbl...
>>I am working on a mailing list service for our company. One of the
requirements is that when a person signs up for a mailing list through the
website they have to activate their subscription through a link sent to
them in an email. How would I do something like this? The db being used is
sql server 2005 express.

Jul 30 '08 #4

This discussion thread is closed

Replies have been disabled for this discussion.