Details |
QuickDocId | 572 |
Written by | Imar Spaanjaars |
Posted | 11/11/2012 15:38 |
Page views | 17043 |
If you haven't read the original article yet, you're encouraged to do it now as it explains the core principle of approving user accounts. In this article, I'll only describe the variations needed to let an administrator approve the account.
From a high-level perspective, here's what you need to do to let an administrator of your site approve the account of a newly signed up user:
You'll see how to accomplish these steps next.
This is similar to the implementation in the original article: add a CreateUserWizard to a page (called SignUp.aspx in the demo site), and set DisableCreatedUser to True so the user account isn't activated automatically when it gets created. Then write code for the SendingMail event and redirect the e-mail to an administrator instead of to the user that signed up for the account. Here's the code for the CreateUserWizard (note: you'll find a fully working example in the download for this article):
```aspx
<asp:CreateUserWizard ID="CreateUserWizard1" runat="server"
    DisableCreatedUser="True"
    OnCreatedUser="CreateUserWizard1_CreatedUser"
    OnSendingMail="CreateUserWizard1_SendingMail"
    CompleteSuccessText="Your account has been successfully created. You won't be able to log in until your account has been approved by an administrator.">
  <MailDefinition BodyFileName="~/App_Data/NewAccount.txt" From="imar@example.com"
      Subject="A new account has been created">
  </MailDefinition>
  <WizardSteps>
    <asp:CreateUserWizardStep runat="server" />
    <asp:CompleteWizardStep runat="server" />
  </WizardSteps>
</asp:CreateUserWizard>
```
In the code behind of SignUp.aspx, you can modify the e-mail message that is normally sent to the user, and send it to an administrator instead, like this:
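```csharp
protected void CreateUserWizard1_SendingMail(object sender, MailMessageEventArgs e)
{
  // Remove the original recipient
  e.Message.To.Clear();

  // Add the Administrator account as the new recipient
  e.Message.To.Add("administrator@example.com");

  // Build the confirmation link from the current request's scheme and host.
  // Note: UserName is inserted as-is, so a name containing characters such as
  // '&' or a space produces a link that no longer parses as intended.
  string confirmLink = string.Format("{0}://{1}/Confirm.aspx?ConfirmationKey={2}&UserName={3}",
      Request.Url.Scheme, Request.Url.Authority, _accountConfirmationKey,
      CreateUserWizard1.UserName);

  // Substitute the placeholder in the mail body template
  e.Message.Body = e.Message.Body.Replace("##ConfirmLink##", confirmLink);
}
```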
First, this code clears the To collection by calling Clear. This removes the original recipient so the user that signed up for an account doesn't receive a copy of the message. Then the e-mail address of the Administrator is added by calling Add on the To collection and passing in the administrator's e-mail address. The remainder of the code is identical to the code presented in the previous article. Also, the code in the CreatedUser event to generate a random confirmation key for the user is exactly the same. To see how this code looks, check out the original article or download the source at the end of this article.
The demo that comes with this article does not only let an administrator approve the account; it also lets the administrator assign the new user to zero or more roles. To implement this, I did the following:
```xml
<roleManager defaultProvider="DefaultRoleProvider" enabled="true">
```
```csharp
void Application_Start(object sender, EventArgs e)
{
  if (!Roles.RoleExists("Administrators"))
  {
    Roles.CreateRole("Administrators");
  }
  if (!Roles.RoleExists("Members"))
  {
    Roles.CreateRole("Members");
  }
}
```
This is optional and you can leave out this step if you're sure the required roles already exist in your database.
```aspx
<asp:CheckBoxList ID="RolesList" runat="server" />
```
```csharp
protected void Page_Load(object sender, EventArgs e)
{
  if (!Page.IsPostBack)
  {
    RolesList.DataSource = Roles.GetAllRoles();
    RolesList.DataBind();
  }
  _userName = Request.QueryString.Get("UserName");
  _accountKey = Request.QueryString.Get("ConfirmationKey");
}
```
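```csharp
protected void SaveChanges_Click(object sender, EventArgs e)
{
  // Reject requests that lack either query string value; without this check,
  // a missing ConfirmationKey could compare equal to an unset profile key.
  if (string.IsNullOrEmpty(_userName) || string.IsNullOrEmpty(_accountKey))
  {
    Status.Text = "Something went wrong while confirming your account.";
    return;
  }

  var profile = ProfileCommon.Create(_userName) as ProfileCommon;
  var user = Membership.GetUser(_userName);

  // GetUser returns null for an unknown user name, so check before using it.
  if (user != null && profile != null && _accountKey == profile.AccountConfirmationKey)
  {
    user.IsApproved = true;
    Membership.UpdateUser(user);
    foreach (ListItem role in RolesList.Items)
    {
      if (role.Selected)
      {
        Roles.AddUserToRole(_userName, role.Value);
      }
    }
    Status.Text = "Account confirmed successfully.";
  }
  else
  {
    Status.Text = "Something went wrong while confirming your account.";
  }
}
```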
Once this code has run, the new account is active, and has been assigned to the roles the administrator has selected for that account.
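The handler above does not itself check who is calling it, so anyone holding the link could approve the account and pick its roles. The following is an added example (not code from this article or its download) of the same decision with three extra checks: the caller must be an administrator, the key is compared in fixed time, and only roles that actually exist are assigned. `ApprovalGuard`, `KeysMatch`, `Authorize` and `Demo` are hypothetical names; in Confirm.aspx the inputs would come from `User.IsInRole("Administrators")`, `profile.AccountConfirmationKey` and `Roles.GetAllRoles()`.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;

public static class ApprovalGuard   // hypothetical helper, not part of the article's download
{
  // Compares two keys without stopping at the first differing byte.
  public static bool KeysMatch(string supplied, string stored)
  {
    if (string.IsNullOrEmpty(supplied) || string.IsNullOrEmpty(stored)) return false;
    byte[] a = Encoding.UTF8.GetBytes(supplied);
    byte[] b = Encoding.UTF8.GetBytes(stored);
    int diff = a.Length ^ b.Length;
    for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
    return diff == 0;
  }

  // Returns the roles to assign, or null when the request must be rejected.
  public static IList<string> Authorize(bool callerIsAdmin, string suppliedKey,
      string storedKey, IEnumerable<string> requestedRoles, IEnumerable<string> existingRoles)
  {
    if (!callerIsAdmin || !KeysMatch(suppliedKey, storedKey)) return null;
    // Drop any posted role name that is not a known role.
    var known = new HashSet<string>(existingRoles, StringComparer.OrdinalIgnoreCase);
    return requestedRoles.Where(r => known.Contains(r)).Distinct().ToList();
  }
}

public static class Demo
{
  static string Describe(IList<string> roles)
  {
    return roles == null ? "rejected" : "approved: " + string.Join(",", roles);
  }

  public static void Main()
  {
    // Constructed sample values.
    string stored = "3f2b9c1e-7a44-4d0e-9b1a-5c6d7e8f9a0b";
    string[] existing = { "Administrators", "Members" };
    string[] requested = { "Members", "NoSuchRole" };

    Console.WriteLine(Describe(ApprovalGuard.Authorize(true, stored, stored, requested, existing)));
    Console.WriteLine(Describe(ApprovalGuard.Authorize(false, stored, stored, requested, existing)));
    Console.WriteLine(Describe(ApprovalGuard.Authorize(true, null, stored, requested, existing)));
  }
}
```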
This is just a short demo to show the underlying principles. If you want to use this in a real-world website, you're advised to make the following changes:
Full URL | http://imar.spaanjaars.com/572/approving-users-and-assigning-them-to-roles-after-they-sign-up-for-an-account |
Short cut | http://imar.spaanjaars.com/572/ |