How to Approve New Users With Confirmation Email Using CreateUserWizard Control in ASP.Net

In this article I will explain how to approve new users created using CreateUserWizard with a confirmation email in ASP.NET.

Introduction

In this article first we will configure a CreateUserWizard control using SQLMembersipProvider. Then an SMTP mail setting is configured to send a confirmation email to new users registered using this CreateUserWizard control. A user is approved when he clicks the confirmation email sent to his given email address.

Step 1

Configure a database using SQLMembershipProvider to store user details.

Step 2

Add a new ASP.NET Web Application using Visual Studio. And add a new Web page "Regester.aspx". Drag a CreateUserWizard control and set its DisableCreatedUser to "true" to disable any newly created user. He will be activated by sending an activation email to his email. Write the following in the Web.config file:

  • Write connection string inside <configuration> tag
     

    <connectionStrings>

          <add name="ConString" connectionString="Data source=DEEPAK\SQLSERVER2005; Initial Catalog=Employee; User ID=sa; Password=********;"/>

    </connectionStrings>

I have configured an "Employee" database using the aspnet_regsql command as in Step 1 and stored its connection string in ConString.

  • Write the following inside the <system.web> tag:
     

    <authentication mode="Forms"/>

    <membership defaultProvider="MyMembershipProvider">

          <providers>

                <add name="MyMembershipProvider"

             type="System.Web.Security.SqlMembershipProvider"

             connectionStringName="ConString"/>

          </providers>

    </membership>

Here I have configured Forms authentication using SqlMembershipProvider with the above connection string.

  • Write the following inside the <system.net> tag:
     

    <connectionStrings>

          <add name="ConString" connectionString="Data source=DEEPAK\SQLSERVER2005; Initial Catalog=Employee; User ID=sa; Password=********;"/>

    </connectionStrings>

Here I have set up an SMTP account for sending email. I am using my Gmail account to send a confirmation email to new users.

Step 3

Import the following namespaces in the Regester.aspx.cs code view:

using System.Net;

using System.Net.Mail;

using System.Configuration;

using System.Data.SqlClient;

Declare the following variables inside the class declaration:

string Email, ConString, ActivationUrl;
MailMessage message;
SmtpClient smtp;

Write the following code in the SendingMail event of CreateUserWizard:

protected void CreateUserWizard1_SendingMail(object sender, MailMessageEventArgs e)
{
    e.Cancel = true;
    message = new MailMessage();
    Email = CreateUserWizard1.Email;
    message.To.Add(Email.Trim());
    message.Subject = "Email confirmation!";
    ActivationUrl=Server.HtmlEncode("http://localhost:49161/ActivateUsers.aspx?UserID="+GetUserID(CreateUserWizard1.Email)+"&Email="+CreateUserWizard1.Email);
    message.Body = "Hi "+CreateUserWizard1.UserName+"!\n"+
                   "Welcome to deepak-sharma.net!"+
                   "Please <a href='"+ActivationUrl+"'>click</a> here to activate your account. \nThanks!";
    message.IsBodyHtml = true;
    SmtpClient smtpClient = new SmtpClient();
    smtpClient.EnableSsl = true;
    smtpClient.Send(message);
}

The SendingMail event of CreateUserWizard is fired before an email is sent to the new regestered user. The e.Cancel property is set to true to override the default SendingMail event and set our own properties to send email. Then a MailMessage object is created and the To, Subject, and Body properties are set to send email to the regiesered user.

The SmtpClient object is created for enabling the SSL connection because Gmail SMTP uses SSL encryption. If this property is not set you will get a System.Net.Mail.SmtpException exception. The SmtpClient.Send method is used to send the mail which takes MailMessage as a parameter.

An actication URL is created by adding two query strings to the ActivateUsers.aspx page. The first query string is UserID which is a Guid that is inserted in the "aspnet_Membership" table as its UserID and the second query string is the user's email. This URL is sent to the user in an email. When the user clicks on this URL, he redirects to the "ActicateUsers.aspx" page. On the load event of the "ActivateUsers.aspx" page the UserID and Email is validated and its IsApproved field is set to true to activate the user if the UserID and Email matches.

The user receives an email confirmation in the following format:

Hi deepak!
Welcome to deepak-sharma.net! Please click here to activate your account.

Write function to get the user id of a given email

private string GetUserID(string Email)
{
    string ConString = ConfigurationManager.ConnectionStrings["ConString"].ConnectionString;
    SqlConnection con = new SqlConnection(ConString);
   
    SqlCommand cmd=new SqlCommand("SELECT UserId FROM aspnet_Membership WHERE email=@Email", con);
    cmd.Parameters.AddWithValue("@Email", Email);
    con.Open();
    string UserID = cmd.ExecuteScalar().ToString();
    con.Close();
    return UserID;
}

Step 4

Create a new Web page "ActivateUsers.aspx" and write following code in its load event:

string ConString = ConfigurationManager.ConnectionStrings["ConString"].ConnectionString;

string Email, UserID;

int i=0;

 

if ((Request.QueryString["UserID"] != null) & (Request.QueryString["Email"] != null))

{

    UserID = Request.QueryString["UserID"];

    Email = Request.QueryString["Email"];

    SqlConnection con = new SqlConnection(ConString);

    SqlCommand cmd = new SqlCommand("UPDATE aspnet_Membership SET IsApproved=1 WHERE UserID=@UserID AND Email=@Email", con);

    cmd.Parameters.AddWithValue("@UserID", UserID);

    cmd.Parameters.AddWithValue("@Email", Email);

    con.Open();

    i = cmd.ExecuteNonQuery();

    con.Close();

}

if (i > 0)

{

    Response.Write("Thanks for activation. You can login now!");

    Response.Write("<a href='Login.aspx'>Login</a>");

}

This page is called when the user clicks on the activation mail. When the DisableCreatedUser property of CreateUserWizard is set to true, the IsApproved field is set to 0 to disable the user. When UserID and Email of the query strings is matched in the load event of this page, the IsApproved field is set to 1 to enable the user.