Hướng dẫn windows authentication trong mvc
Skip to main content This browser is no longer supported. Show
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support. Create a secure ASP.NET MVC 5 web app with log in, email confirmation and password reset (C#)
In this articleby Rick Anderson This tutorial shows you how to build an ASP.NET MVC 5 web app with email confirmation and password reset using the ASP.NET Identity membership system. For an updated version of this tutorial that uses .NET Core, see Account confirmation and password recovery in ASP.NET Core. Create an ASP.NET MVC appStart by installing and running Visual Studio Express 2013 for Web or Visual Studio 2013. Install Visual Studio 2013 Update 3 or higher.
Email confirmationIt's a best practice to confirm the email of a new user registration to verify they are not impersonating someone else (that is, they haven't registered with someone else's email). Suppose you had a discussion forum, you would want to prevent You generally want to prevent new users from posting any data to your web site before they have been confirmed by email, a SMS text message or another mechanism. In the sections below, we will enable email confirmation and modify the code to prevent newly registered users from logging in until their email has been confirmed. Hook up SendGridThe instructions in this section are not current. See Configure SendGrid email provider for updated instructions. Although this tutorial only shows how to add email notification through SendGrid, you can send email using SMTP and other mechanisms (see additional resources).
You'll need to add the following includes:
To keep this sample simple, we'll store the app settings in the web.config file:
Enable email confirmation in the Account controller
Verify the Views\Account\ConfirmEmail.cshtml file has correct razor syntax. ( The @ character in the first line might be missing. )
Run the app and click the Register link. Once you submit the registration form, you are logged in. Check your email account and click on the link to confirm your email. Require email confirmation before log inCurrently once a user completes the registration form, they
are logged in. You generally want to confirm their email before logging them in. In the section below, we will modify the code to require new users to have a confirmed email before they are logged in (authenticated). Update the
By commenting out the Create a
Add the Authorize attribute to the
You must also update the
Update the Views\Shared\Error.cshtml view to display the error message:
Delete any accounts in the AspNetUsers table that contain the email alias you wish to test with. Run the app and verify you can't log in until you have confirmed your email address. Once you confirm your email address, click the Contact link. Password recovery/resetRemove the comment characters from the
Remove the comment characters from the
The Log in page will now show a link to reset the password. Resend email confirmation linkOnce a user creates a new local account, they are emailed a confirmation link they are required to use before they can log on. If the user accidentally deletes the confirmation email, or the email never arrives, they will need the confirmation link sent again. The following code changes show how to enable this. Add the following helper method to the bottom of the Controllers\AccountController.cs file:
Update the Register method to use the new helper:
Update the Login method to resend the password if the user account has not been confirmed:
Combine social and local login accountsYou can combine local and social accounts by clicking on your email link. In the following sequence is first created as a local login, but you can create the account as a social log in first, then add a local login. Click on the Manage link. Note the External Logins: 0 associated with this account. Click the link to another log in service and accept the app requests. The two accounts have been combined, you will be able to log on with either account. You might want your users to add local accounts in case their social log in authentication service is down, or more likely they have lost access to their social account. In the following image, Tom is a social log in (which you can see from the External Logins: 1 shown on the page). Clicking on Pick a password allows you to add a local log on associated with the same account. Email confirmation in more depthMy tutorial Account Confirmation and Password Recovery with ASP.NET Identity goes into this topic with more details. Debugging the appIf you don't get an email containing the link:
To test the verification link without email, download the completed sample. The confirmation link and confirmation codes will be displayed on the page. Additional Resources
|