FIGURE 26.6 Formatting the CreateUserWizard control
These are the default form fields. The last three fields are optional.
If you don’t want to require a user to enter either an email address or a security question
and answer, you need to modify the configuration of the default membership provider.
The web configuration file in Listing 26.13 makes both an email address and security
question and answer optional.
LISTING 26.13 Web.Config
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.web>
    <authentication mode="Forms" />
    <membership defaultProvider="MyMembership">
      <providers>
        <add
          name="MyMembership"
          type="System.Web.Security.SqlMembershipProvider"
          connectionStringName="LocalSqlServer"
          requiresQuestionAndAnswer="false"
          requiresUniqueEmail="false" />
      </providers>
    </membership>
  </system.web>
</configuration>
FIGURE 26.7 An abbreviated registration form
If you add the web configuration file in Listing 26.13 to your application, the
CreateUserWizard control does not render fields for a security question and answer.
However, the CreateUserWizard control still renders an email field. If you don’t want the
email form field to be rendered, you must perform an additional step. You must set the
CreateUserWizard control’s RequireEmail property to the value False.
If you add the page in Listing 26.14 to an application that contains the web configuration
file in Listing 26.13, the email, security question, and security answer form fields are not
displayed (see Figure 26.7).
LISTING 26.14 CreateUserWizardShort.aspx
<%@ Page Language="C#" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1" runat="server">
  <title>CreateUserWizard Short</title>
</head>
<body>
  <form id="form1" runat="server">
  <div>
    <asp:CreateUserWizard
      id="CreateUserWizard1"
      RequireEmail="false"
      Runat="server" />
  </div>
  </form>
</body>
</html>
WARNING
Don’t set the CreateUserWizard control’s RequireEmail property to the value False
when the membership provider’s requiresUniqueEmail property is set to the value
True. In other words, don’t require an email address when you haven’t provided a user
with a method for entering an email address.
Sending a Create User Email Message
You can set up the CreateUserWizard control so that it automatically sends an email
when a new user registers. For example, you can send an email that contains the new
user’s registered username and password to that user’s email account.
WARNING
Sending an unencrypted email across the Internet with a user’s password is
dangerous. However, it also is a common practice to include a password in a registration
confirmation email.
The page in Listing 26.15 includes a MailDefinition property that specifies the properties
of the email that is sent to a user after the user successfully registers.
LISTING 26.15 CreateUserWizardEmail.aspx
<%@ Page Language="C#" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1" runat="server">
  <title>CreateUserWizard Email</title>
</head>
<body>
  <form id="form1" runat="server">
  <div>
    <asp:CreateUserWizard
      id="CreateUserWizard1"
      Runat="server">
      <MailDefinition
        BodyFileName="Register.txt"
        Subject="Registration Confirmation"
        From="Admin@YourSite.com" />
    </asp:CreateUserWizard>
  </div>
  </form>
</body>
</html>
The MailDefinition class supports the following properties:
CC—Enables you to send a carbon copy of the email message
message
From—Enables you to specify the FROM email address
are High, Low, and Normal
The MailDefinition associated with the CreateUserWizard control in Listing 26.15 sends
the contents of the text file in Listing 26.16.
LISTING 26.16 Register.txt
Thank you for registering!
Here is your new username and password:
username: <% UserName %>
password: <% Password %>
FIGURE 26.8 Receiving a registration email
The email message in Listing 26.16 includes two special expressions: <% UserName %> and
<% Password %>. When the email is sent, the user’s registered username and password are
substituted for these expressions (see Figure 26.8).
NOTE
You can send a user’s password in an email message even when the password is
encrypted or hashed by the Membership provider.
The MailDefinition class uses the email server configured by the smtp element in the web
configuration file. For example, the web configuration file in Listing 26.17 illustrates how
you can configure the MailDefinition class to use the local SMTP server included with
Internet Information Services. (You can enable the local SMTP Server by opening Internet
Information Services from the Administrative Tools folder.)
LISTING 26.17 Web.Config
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.net>
    <mailSettings>
      <smtp deliveryMethod="PickupDirectoryFromIis"/>
    </mailSettings>
  </system.net>
  <system.web>
    <authentication mode="Forms" />
  </system.web>
</configuration>
If you need to connect to a mail server located on another machine, you can use the web
configuration file in Listing 26.18. In Listing 26.18, the smtp element includes a network
element that specifies a mail host, username, and password.
LISTING 26.18 Web.Config
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.net>
    <mailSettings>
      <smtp>
        <network
          host="mail.YourServer.com"
          userName="admin"
          password="secret" />
      </smtp>
    </mailSettings>
  </system.net>
  <system.web>
    <authentication mode="Forms" />
  </system.web>
</configuration>
NOTE
If you need to customize the email message sent by the CreateUserWizard control,
you can handle the CreateUserWizard control’s SendingMail event. See the
CreateUserWizardCodeConfirmation.aspx page in the next section.
Automatically Redirecting a User to the Referring Page
When you successfully log in from the Login.aspx page, you automatically are redirected
back to the original page you requested. The CreateUserWizard control, on the other
hand, does not redirect you back anywhere. If you want the CreateUserWizard control to
work in the same way as the Login control, you need to write some code.
The Login control in Listing 26.19 includes a link to a user registration page named
CreateUserWizardReturn.aspx. In the Page_Load() event handler, the value of the
ReturnUrl query string parameter is added to the link to the registration page.
LISTING 26.19 LoginReturn.aspx
<%@ Page Language="C#" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">
  protected void Page_Load(object sender, EventArgs e)
  {
    if (!Page.IsPostBack)
    {
      string dest = Request.QueryString["ReturnUrl"];
      Login1.CreateUserUrl =
        "~/CreateUserWizardReturn.aspx?ReturnUrl=" + Server.UrlEncode(dest);
    }
  }
</script>
<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1" runat="server">
  <title>Login Return</title>
</head>
<body>
  <form id="form1" runat="server">
  <div>
    <asp:Login
      id="Login1"
      CreateUserText="Register"
      CreateUserUrl="~/CreateUserWizardReturn.aspx"
      Runat="server" />
  </div>
  </form>
</body>
</html>
Before you use the page in Listing 26.19, you need to rename the page to Login.aspx. If a
user requests a page that the user is not authorized to access, the user is automatically
redirected to the Login.aspx page. The ReturnUrl parameter is automatically added to the
request for Login.aspx.
The page in Listing 26.20 contains a CreateUserWizard control. This page also contains a
Page_Load() event handler. The value of the ReturnUrl query string parameter is used to
redirect the user back to the originally requested page.
LISTING 26.20 CreateUserWizardReturn.aspx
<%@ Page Language="C#" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">
  void Page_Load()
  {
    if (!Page.IsPostBack)
    {
      string dest = "~/Default.aspx";
      if (!String.IsNullOrEmpty(Request.QueryString["ReturnURL"]))
        dest = Request.QueryString["ReturnURL"];
      CreateUserWizard1.ContinueDestinationPageUrl = dest;
    }
  }
</script>
<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1" runat="server">
  <title>CreateUserWizard Return</title>
</head>
<body>
  <form id="form1" runat="server">
  <div>
    <asp:CreateUserWizard
      id="CreateUserWizard1"
      Runat="server" />
  </div>
  </form>
</body>
</html>
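Listing 26.20 copies the ReturnUrl query string value straight into ContinueDestinationPageUrl, so whoever builds the link decides where the Continue button sends the new user. The following added example (not from the book; ReturnUrlGuard, IsLocalUrl and SafeDestination are hypothetical names, and the sample values are constructed) restricts the destination to paths inside the application and falls back to ~/Default.aspx otherwise.

```csharp
using System;

// Added example, not part of Listing 26.20. All names here are hypothetical.
public static class ReturnUrlGuard
{
    // Accepts only app-relative ("~/Page.aspx") and root-relative ("/Page.aspx") paths.
    public static bool IsLocalUrl(string url)
    {
        if (String.IsNullOrEmpty(url)) return false;
        // Control characters can be dropped or reinterpreted by browsers.
        foreach (char c in url)
            if (Char.IsControl(c)) return false;
        // App-relative: "~/..." but not "~//" or "~/\".
        if (url[0] == '~')
            return url.Length > 1 && url[1] == '/' &&
                   (url.Length == 2 || (url[2] != '/' && url[2] != '\\'));
        // Root-relative: "/..." but not "//host" or "/\host",
        // which browsers treat as a reference to another host.
        if (url[0] == '/')
            return url.Length == 1 || (url[1] != '/' && url[1] != '\\');
        // Anything else (absolute URLs, other schemes, bare names) is rejected.
        return false;
    }

    public static string SafeDestination(string returnUrl, string fallback)
    {
        return IsLocalUrl(returnUrl) ? returnUrl : fallback;
    }

    // In Page_Load() of CreateUserWizardReturn.aspx this would be used as:
    //   CreateUserWizard1.ContinueDestinationPageUrl =
    //       ReturnUrlGuard.SafeDestination(Request.QueryString["ReturnURL"], "~/Default.aspx");
    public static void Main()
    {
        // Constructed sample values for the ReturnUrl query string parameter.
        string[] samples = {
            "/Secret/Default.aspx", "~/Members.aspx", null, "",
            "http://other.example/", "//other.example/", "/\\other.example/"
        };
        foreach (string s in samples)
            Console.WriteLine("{0,-28} -> {1}", s ?? "(null)",
                SafeDestination(s, "~/Default.aspx"));
    }
}
```

Only the first two sample values are kept as the destination; every other value resolves to ~/Default.aspx.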
Automatically Generating a Password
Some websites require you to complete multiple steps when registering. For example, you
must complete the following steps when registering for a new account at eBay:
1. Complete the registration form.
2. Receive an email with a confirmation code.
3. Enter the confirmation code into a form.
This method of registration enables you to verify a user’s email address. If someone enters
an invalid email address, the confirmation code is never received.
If you need to implement this registration scenario, you need to know about the following
three properties of the CreateUserWizard control:
password automatically
CreateUserWizard control
automatically
You can send two types of confirmation email messages. First, you can generate a new
password automatically and send the password to the user. In that case, you want to
enable the AutoGeneratePassword property and disable the LoginCreatedUser property.
Alternatively, you can allow a new user to enter her own password and send a distinct
confirmation code in the confirmation email message. In that case, you want to enable
the DisableCreatedUser property and disable the LoginCreatedUser property. Let’s
examine each of these scenarios in turn.
The page in Listing 26.21 contains a CreateUserWizard control that does not render a
password form field. The control has its AutoGeneratePassword property enabled and its
LoginCreatedUser property disabled. After you complete the form rendered by the
CreateUserWizard control, you can click the Continue button to open the Login.aspx page.
LISTING 26.21 CreateUserWizardPasswordConfirmation.aspx
<%@ Page Language="C#" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1" runat="server">
  <title>CreateUserWizard Password Confirmation</title>
</head>
<body>
  <form id="form1" runat="server">
  <div>
    <asp:CreateUserWizard
      id="CreateUserWizard1"
      CompleteSuccessText="A confirmation email
        containing your new password has been
        sent to your email address."
      AutoGeneratePassword="true"
      LoginCreatedUser="false"
      ContinueDestinationPageUrl="~/Login.aspx"
      Runat="server">
      <MailDefinition
        From="Admin@YourSite.com"
        BodyFileName="PasswordConfirmation.htm"
        IsBodyHtml="true"
        Subject="Registration Confirmation" />
    </asp:CreateUserWizard>
  </div>
  </form>
</body>
</html>
WARNING
Don’t set the membership provider’s passwordStrengthRegularExpression attribute
when enabling the CreateUserWizard control’s AutoGeneratePassword property.
The CreateUserWizard control in Listing 26.21 sends the email message contained in
Listing 26.22.
LISTING 26.22 PasswordConfirmation.htm
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
  <title>Password Confirmation</title>
</head>
<body>
  Your new password is <% Password %>
</body>
</html>
The email message in Listing 26.22 includes the automatically generated password. When
the new user receives the automatically generated password in her inbox, she can enter
the password in the Login.aspx page.
In the second scenario, the user gets to choose his password. However, the user’s account
is disabled until he enters his confirmation code.
The CreateUserWizard control in Listing 26.23 has its DisableCreatedUser property
enabled and its LoginCreatedUser property disabled.
LISTING 26.23 CreateUserWizardCodeConfirmation.aspx
<%@ Page Language="C#" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">