email help

  • Thread starter \jason via DotNetMonster.com\
  • Start date
J

\jason via DotNetMonster.com\

currently i am doing a personal website and keep on changing the aspect...
finally the finall decision is to have a login page (requirement in asp.net,
vb.net) and the login with security part of capturing user computer user name
i have done...
my problem is ....

i need the unregistered user to log in to my site and from there there will
be a link for them to key in their short information in a textbox and a html
email will be sent to me (as an admin) whether to accept the request or not..
~ so when i receive the html type email.. there will be extra 2 buttons (for
me to accept or reject the request right?) so is it possible to make it done?
sending using smtp server? tat is fine for me as i can use the server being
provided by our school in which i had already been given permission to do so..
..

so when the button accept being pressed.... it will automatically being saved
to my database (i am using MS access) and the user can gain access to the
site..

sending a html email? is it really can be done with ease? as i am new in .net
.... coz i am still stick to vb6.0 and find it .net quite troublesome... can
you please help me?

on every situation.. an email will be replied to the user stating his or her
status on the request..

as far as i know.. in every commersial website this can be done says for
example.. when i go to their site, and click permission to get access.. an
email will be sent to them right? then maybe it will go through a system
(server ) and then redirect the mail to admin and admin just response to the
mail.. after that the replying thing will be done solely by the system
(server)... is this how the system goes? is i am wrong....
that is the thing i wish to do but to no avail.. so really hope that you
could help in this.. thanks...

thank you...

regards... jason
 
K

Karl Seguin

Typically the way it would be done is to have it send you a notification
email...you then log into the application where you accept/decline the new
account.

The problem with doing it straight from the email is that it won't at all be
secure...there'll be no way for the application to verify that you are
indeed the one clicking the ok...

Karl
 
G

Guest

Hi Jason, Following up on Karl's post, it would be unusual to activate
accounts directly from an email, as this would imply that all you had to do
would be to create a POST or GET to the server to activate the new account.

In response to the Html Email part of the question: Creating one is very
simple
look at the System.Web.Mail namespace

e.g

'typically you only need to set the mail server once
Web.Mail.SmtpMail.SmtpServer = "My SMTP Server"

Dim m As New System.Web.Mail.MailMessage
With m
.To = myRecipientEmailAddress
.From = myEmailAddress
.Subject = myMessageSubject
.BodyFormat = Mail.MailFormat.Html
.Body = myHtmlEmailString
End With

Web.Mail.SmtpMail.Send(m)

If you want to send images embedded into the email it gets slightly more
complicated but can be done with MailAttachment objects and UrlContent* params

Note that the native .Net mail components do not allow for authentication
with an smtp server which in some cases may make it unworkable and you may
need to look at 3rd party components. If it's your own smtp server (e.g IIS)
you can allow anonymous users but make sure you lock down the IP addresses
that the smtp server will send/relay messages for otherwise you're inviting
every spammer to do their "work" through your equipment.

HTH jd

Karl Seguin said:
Typically the way it would be done is to have it send you a notification
email...you then log into the application where you accept/decline the new
account.

The problem with doing it straight from the email is that it won't at all be
secure...there'll be no way for the application to verify that you are
indeed the one clicking the ok...

Karl
 
J

\jason via DotNetMonster.com\

Karl Seguin -
yupe i also did figure about this security matter~
so now i thought of something...`
when user fill in 2 textbox from a page then then click a button.... then
function of the button is to send me email..~ so when i receive that email,
there will display back wat they have written (how can i do this.. ? sorri
coz i am new in .net ) and then there will be a link... the link will
redirect me to another page where onli admin can get acces to it.. (will
require password - this one i know how to do it)
then onli admin will accept or reject... but how would the admin accept or
reject? it means.. wat the user key in earlier will be displayed in the email
AND then display it in the new form right? so how can we do this?can we get
the text from the email and then put it back to the text in the admin page?
ai...~ totally have no idea on how to do?:S

so will have to please teach me step by step to do it..~ so that i can learn
more...~

so this matter will be much more secure right? if the user suddenly get the
link but for sure without password he or she kenot get in to the admin page ?
then in the admin page, when admin accept the user... and save to database
(access) just a button to be click right? the process will be ... ? and then
email will be sent back to the user...~
so how can i get the user email AUTOMATICALLY from the earliest page or the
email?

huh.. quite troublesome? thanks for answering..~ but really in need your help
/. thanbks..~

Karl said:
Typically the way it would be done is to have it send you a notification
email...you then log into the application where you accept/decline the new
account.

The problem with doing it straight from the email is that it won't at all be
secure...there'll be no way for the application to verify that you are
indeed the one clicking the ok...

Karl
currently i am doing a personal website and keep on changing the aspect...
finally the finall decision is to have a login page (requirement in
[quoted text clipped - 48 lines]
regards... jason
 
J

\jason via DotNetMonster.com\

london





yupe i also did figure about this security matter~
so now i thought of something...`
when user fill in 2 textbox from a page then then click a button.... then
function of the button is to send me email..~ so when i receive that email,
there will display back wat they have written (how can i do this.. ? sorri
coz i am new in .net ) and then there will be a link... the link will
redirect me to another page where onli admin can get acces to it.. (will
require password - this one i know how to do it)
then onli admin will accept or reject... but how would the admin accept or
reject? it means.. wat the user key in earlier will be displayed in the email
AND then display it in the new form right? so how can we do this?can we get
the text from the email and then put it back to the text in the admin page?
ai...~ totally have no idea on how to do?:S

so will have to please teach me step by step to do it..~ so that i can learn
more...~

so this matter will be much more secure right? if the user suddenly get the
link but for sure without password he or she kenot get in to the admin page ?
then in the admin page, when admin accept the user... and save to database
(access) just a button to be click right? the process will be ... ? and then
email will be sent back to the user...~
so how can i get the user email AUTOMATICALLY from the earliest page or the
email?

huh.. quite troublesome? thanks for answering..~ but really in need your help
/. thanbks..~












london said:
Hi Jason, Following up on Karl's post, it would be unusual to activate
accounts directly from an email, as this would imply that all you had to do
would be to create a POST or GET to the server to activate the new account.

In response to the Html Email part of the question: Creating one is very
simple
look at the System.Web.Mail namespace

e.g

'typically you only need to set the mail server once
Web.Mail.SmtpMail.SmtpServer = "My SMTP Server"

Dim m As New System.Web.Mail.MailMessage
With m
.To = myRecipientEmailAddress
.From = myEmailAddress
.Subject = myMessageSubject
.BodyFormat = Mail.MailFormat.Html
.Body = myHtmlEmailString
End With

Web.Mail.SmtpMail.Send(m)

If you want to send images embedded into the email it gets slightly more
complicated but can be done with MailAttachment objects and UrlContent* params

Note that the native .Net mail components do not allow for authentication
with an smtp server which in some cases may make it unworkable and you may
need to look at 3rd party components. If it's your own smtp server (e.g IIS)
you can allow anonymous users but make sure you lock down the IP addresses
that the smtp server will send/relay messages for otherwise you're inviting
every spammer to do their "work" through your equipment.

HTH jd
Typically the way it would be done is to have it send you a notification
email...you then log into the application where you accept/decline the new
[quoted text clipped - 58 lines]
 
G

Guest

Hi Jason, You may need to think about your architecture...
Usually you would have a table in a database for users. In this table could
be a field to say whether they are allowed to login (active, suspended,
banned etc) and another one to say what roles (or permissions) they have on
the site (you would use this information to determine whether the user can
contribute / edit content or have access to some or all of the administration
screens for instance) .

In fact the permissions would often be in a seperate table joined on by
PrimaryKey - ForeignKey relationship. This allows one user to be a member of
many roles, which means the roles can be finer tuned (e.g to allow access to
one admin panel instead of all admin panels).

I would suggest you start with...

when the user registers (asks for an account) let them choose a password at
this point. Store their details in the database but set the AllowedToLogin
field to false.
Your application then sends you an email saying somebody has requested an
account.

You then receive the email and go to a page in your application that lists
new user requests and from here you set the user to allowed to login (And
update the database) or ignore their request.

If you accept their request, the application sends them an email confirming
that they have been accepted and can log in - and they already know their
password.

Alternatively your app could autogenerate a password for them and this could
be included in the email you send them. Though it would make sense to then
allow them to login and change their password to something they can remember.

Look at FormsAuthentication in the MSDN Library to find out how ASP.Net
authenticates users (checks that they are logged in). Its very simple to set
up and can be extended if required.

Another thing worth noting: It is more secure if you do not store the raw
password in the database. If you hash it first (which you can do with the
formsauthentication object or with the cryptography objects) and store the
hash in the database. then when the user types their password you hash that
and then compare the hashes. This means if somebody gets access to the
database table they cannot work out what the raw password is... though it
could be argued that the horse is well out of view by then...

HTH jd

"jason via DotNetMonster.com" said:
london





yupe i also did figure about this security matter~
so now i thought of something...`
when user fill in 2 textbox from a page then then click a button.... then
function of the button is to send me email..~ so when i receive that email,
there will display back wat they have written (how can i do this.. ? sorri
coz i am new in .net ) and then there will be a link... the link will
redirect me to another page where onli admin can get acces to it.. (will
require password - this one i know how to do it)
then onli admin will accept or reject... but how would the admin accept or
reject? it means.. wat the user key in earlier will be displayed in the email
AND then display it in the new form right? so how can we do this?can we get
the text from the email and then put it back to the text in the admin page?
ai...~ totally have no idea on how to do?:S

so will have to please teach me step by step to do it..~ so that i can learn
more...~

so this matter will be much more secure right? if the user suddenly get the
link but for sure without password he or she kenot get in to the admin page ?
then in the admin page, when admin accept the user... and save to database
(access) just a button to be click right? the process will be ... ? and then
email will be sent back to the user...~
so how can i get the user email AUTOMATICALLY from the earliest page or the
email?

huh.. quite troublesome? thanks for answering..~ but really in need your help
/. thanbks..~












london said:
Hi Jason, Following up on Karl's post, it would be unusual to activate
accounts directly from an email, as this would imply that all you had to do
would be to create a POST or GET to the server to activate the new account.

In response to the Html Email part of the question: Creating one is very
simple
look at the System.Web.Mail namespace

e.g

'typically you only need to set the mail server once
Web.Mail.SmtpMail.SmtpServer = "My SMTP Server"

Dim m As New System.Web.Mail.MailMessage
With m
.To = myRecipientEmailAddress
.From = myEmailAddress
.Subject = myMessageSubject
.BodyFormat = Mail.MailFormat.Html
.Body = myHtmlEmailString
End With

Web.Mail.SmtpMail.Send(m)

If you want to send images embedded into the email it gets slightly more
complicated but can be done with MailAttachment objects and UrlContent* params

Note that the native .Net mail components do not allow for authentication
with an smtp server which in some cases may make it unworkable and you may
need to look at 3rd party components. If it's your own smtp server (e.g IIS)
you can allow anonymous users but make sure you lock down the IP addresses
that the smtp server will send/relay messages for otherwise you're inviting
every spammer to do their "work" through your equipment.

HTH jd
Typically the way it would be done is to have it send you a notification
email...you then log into the application where you accept/decline the new
[quoted text clipped - 58 lines]
regards... jason
 
J

\jason via DotNetMonster.com\

hehe...

actually my main password would be something like.. capturing the user's
windows user name
since the application will be used here in a company so all the windows user
name are already being set up and couldnt be changed...~ the security part i
will put it aside as i can alwiz redesign it later on but the most important
thing for me is the email thing... totally blur about it.. +_+"
by the way... the email form i did already.. (er.. do you wan to have a look
on it? if yes.. maybe i can send you an email so that u will have a better
look on my structure? or you can alwiz email me at (e-mail address removed))

i manage to send the email to admin (myself) and all the text user input in
(lets say FORM 1)
in form1 user key in text and click the send button..
email being sent to me witrh the text he wrote in form1
then in the email there will be a link to form2 (the hyperlink is hidden and
secure with password * it doesnt matter for the time being) when admin (me)
go to form 2 is it possible for me to recapture all the text in the email?
or anyway for me to get back the wat the user typed earlier?

from there i think i will be able to finish my important part of this
assignment...

er.... u clear? hmm... soo sorry for all the troublesome..

* btw.. your idea quite great ;) maybe it is based on experience ?
(especially on the security thing..)

thanks sir...



london said:
Hi Jason, You may need to think about your architecture...
Usually you would have a table in a database for users. In this table could
be a field to say whether they are allowed to login (active, suspended,
banned etc) and another one to say what roles (or permissions) they have on
the site (you would use this information to determine whether the user can
contribute / edit content or have access to some or all of the administration
screens for instance) .

In fact the permissions would often be in a seperate table joined on by
PrimaryKey - ForeignKey relationship. This allows one user to be a member of
many roles, which means the roles can be finer tuned (e.g to allow access to
one admin panel instead of all admin panels).

I would suggest you start with...

when the user registers (asks for an account) let them choose a password at
this point. Store their details in the database but set the AllowedToLogin
field to false.
Your application then sends you an email saying somebody has requested an
account.

You then receive the email and go to a page in your application that lists
new user requests and from here you set the user to allowed to login (And
update the database) or ignore their request.

If you accept their request, the application sends them an email confirming
that they have been accepted and can log in - and they already know their
password.

Alternatively your app could autogenerate a password for them and this could
be included in the email you send them. Though it would make sense to then
allow them to login and change their password to something they can remember.

Look at FormsAuthentication in the MSDN Library to find out how ASP.Net
authenticates users (checks that they are logged in). Its very simple to set
up and can be extended if required.

Another thing worth noting: It is more secure if you do not store the raw
password in the database. If you hash it first (which you can do with the
formsauthentication object or with the cryptography objects) and store the
hash in the database. then when the user types their password you hash that
and then compare the hashes. This means if somebody gets access to the
database table they cannot work out what the raw password is... though it
could be argued that the horse is well out of view by then...

HTH jd
[quoted text clipped - 67 lines]
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,744
Messages
2,569,482
Members
44,901
Latest member
Noble71S45

Latest Threads

Top