email help

Discussion in 'ASP .Net' started by \jason via DotNetMonster.com\, Jul 6, 2005.

  1. currently i am doing a personal website and keep on changing the aspect...
    finally the finall decision is to have a login page (requirement in asp.net,
    vb.net) and the login with security part of capturing user computer user name
    i have done...
    my problem is ....

    i need the unregistered user to log in to my site and from there there will
    be a link for them to key in their short information in a textbox and a html
    email will be sent to me (as an admin) whether to accept the request or not..
    ~ so when i receive the html type email.. there will be extra 2 buttons (for
    me to accept or reject the request right?) so is it possible to make it done?
    sending using smtp server? tat is fine for me as i can use the server being
    provided by our school in which i had already been given permission to do so..
    ..

    so when the button accept being pressed.... it will automatically being saved
    to my database (i am using MS access) and the user can gain access to the
    site..

    sending a html email? is it really can be done with ease? as i am new in .net
    .... coz i am still stick to vb6.0 and find it .net quite troublesome... can
    you please help me?

    on every situation.. an email will be replied to the user stating his or her
    status on the request..

    as far as i know.. in every commersial website this can be done says for
    example.. when i go to their site, and click permission to get access.. an
    email will be sent to them right? then maybe it will go through a system
    (server ) and then redirect the mail to admin and admin just response to the
    mail.. after that the replying thing will be done solely by the system
    (server)... is this how the system goes? is i am wrong....
    that is the thing i wish to do but to no avail.. so really hope that you
    could help in this.. thanks...

    thank you...

    regards... jason


    --
    Message posted via DotNetMonster.com
    http://www.dotnetmonster.com/Uwe/Forums.aspx/asp-net/200507/1
     
    \jason via DotNetMonster.com\, Jul 6, 2005
    #1
    1. Advertising

  2. \jason via DotNetMonster.com\

    Karl Seguin Guest

    Typically the way it would be done is to have it send you a notification
    email...you then log into the application where you accept/decline the new
    account.

    The problem with doing it straight from the email is that it won't at all be
    secure...there'll be no way for the application to verify that you are
    indeed the one clicking the ok...

    Karl

    --
    MY ASP.Net tutorials
    http://www.openmymind.net/ - New and Improved (yes, the popup is annoying)
    http://www.openmymind.net/faq.aspx - unofficial newsgroup FAQ (more to
    come!)


    ""jason via DotNetMonster.com"" <> wrote in message
    news:...
    > currently i am doing a personal website and keep on changing the aspect...
    > finally the finall decision is to have a login page (requirement in
    > asp.net,
    > vb.net) and the login with security part of capturing user computer user
    > name
    > i have done...
    > my problem is ....
    >
    > i need the unregistered user to log in to my site and from there there
    > will
    > be a link for them to key in their short information in a textbox and a
    > html
    > email will be sent to me (as an admin) whether to accept the request or
    > not..
    > ~ so when i receive the html type email.. there will be extra 2 buttons
    > (for
    > me to accept or reject the request right?) so is it possible to make it
    > done?
    > sending using smtp server? tat is fine for me as i can use the server
    > being
    > provided by our school in which i had already been given permission to do
    > so..
    > .
    >
    > so when the button accept being pressed.... it will automatically being
    > saved
    > to my database (i am using MS access) and the user can gain access to the
    > site..
    >
    > sending a html email? is it really can be done with ease? as i am new in
    > .net
    > ... coz i am still stick to vb6.0 and find it .net quite troublesome...
    > can
    > you please help me?
    >
    > on every situation.. an email will be replied to the user stating his or
    > her
    > status on the request..
    >
    > as far as i know.. in every commersial website this can be done says for
    > example.. when i go to their site, and click permission to get access.. an
    > email will be sent to them right? then maybe it will go through a system
    > (server ) and then redirect the mail to admin and admin just response to
    > the
    > mail.. after that the replying thing will be done solely by the system
    > (server)... is this how the system goes? is i am wrong....
    > that is the thing i wish to do but to no avail.. so really hope that you
    > could help in this.. thanks...
    >
    > thank you...
    >
    > regards... jason
    >
    >
    > --
    > Message posted via DotNetMonster.com
    > http://www.dotnetmonster.com/Uwe/Forums.aspx/asp-net/200507/1
     
    Karl Seguin, Jul 6, 2005
    #2
    1. Advertising

  3. Hi Jason, Following up on Karl's post, it would be unusual to activate
    accounts directly from an email, as this would imply that all you had to do
    would be to create a POST or GET to the server to activate the new account.

    In response to the Html Email part of the question: Creating one is very
    simple
    look at the System.Web.Mail namespace

    e.g

    'typically you only need to set the mail server once
    Web.Mail.SmtpMail.SmtpServer = "My SMTP Server"

    Dim m As New System.Web.Mail.MailMessage
    With m
    .To = myRecipientEmailAddress
    .From = myEmailAddress
    .Subject = myMessageSubject
    .BodyFormat = Mail.MailFormat.Html
    .Body = myHtmlEmailString
    End With

    Web.Mail.SmtpMail.Send(m)

    If you want to send images embedded into the email it gets slightly more
    complicated but can be done with MailAttachment objects and UrlContent* params

    Note that the native .Net mail components do not allow for authentication
    with an smtp server which in some cases may make it unworkable and you may
    need to look at 3rd party components. If it's your own smtp server (e.g IIS)
    you can allow anonymous users but make sure you lock down the IP addresses
    that the smtp server will send/relay messages for otherwise you're inviting
    every spammer to do their "work" through your equipment.

    HTH jd

    "Karl Seguin" wrote:

    > Typically the way it would be done is to have it send you a notification
    > email...you then log into the application where you accept/decline the new
    > account.
    >
    > The problem with doing it straight from the email is that it won't at all be
    > secure...there'll be no way for the application to verify that you are
    > indeed the one clicking the ok...
    >
    > Karl
    >
    > --
    > MY ASP.Net tutorials
    > http://www.openmymind.net/ - New and Improved (yes, the popup is annoying)
    > http://www.openmymind.net/faq.aspx - unofficial newsgroup FAQ (more to
    > come!)
    >
    >
    > ""jason via DotNetMonster.com"" <> wrote in message
    > news:...
    > > currently i am doing a personal website and keep on changing the aspect...
    > > finally the finall decision is to have a login page (requirement in
    > > asp.net,
    > > vb.net) and the login with security part of capturing user computer user
    > > name
    > > i have done...
    > > my problem is ....
    > >
    > > i need the unregistered user to log in to my site and from there there
    > > will
    > > be a link for them to key in their short information in a textbox and a
    > > html
    > > email will be sent to me (as an admin) whether to accept the request or
    > > not..
    > > ~ so when i receive the html type email.. there will be extra 2 buttons
    > > (for
    > > me to accept or reject the request right?) so is it possible to make it
    > > done?
    > > sending using smtp server? tat is fine for me as i can use the server
    > > being
    > > provided by our school in which i had already been given permission to do
    > > so..
    > > .
    > >
    > > so when the button accept being pressed.... it will automatically being
    > > saved
    > > to my database (i am using MS access) and the user can gain access to the
    > > site..
    > >
    > > sending a html email? is it really can be done with ease? as i am new in
    > > .net
    > > ... coz i am still stick to vb6.0 and find it .net quite troublesome...
    > > can
    > > you please help me?
    > >
    > > on every situation.. an email will be replied to the user stating his or
    > > her
    > > status on the request..
    > >
    > > as far as i know.. in every commersial website this can be done says for
    > > example.. when i go to their site, and click permission to get access.. an
    > > email will be sent to them right? then maybe it will go through a system
    > > (server ) and then redirect the mail to admin and admin just response to
    > > the
    > > mail.. after that the replying thing will be done solely by the system
    > > (server)... is this how the system goes? is i am wrong....
    > > that is the thing i wish to do but to no avail.. so really hope that you
    > > could help in this.. thanks...
    > >
    > > thank you...
    > >
    > > regards... jason
    > >
    > >
    > > --
    > > Message posted via DotNetMonster.com
    > > http://www.dotnetmonster.com/Uwe/Forums.aspx/asp-net/200507/1

    >
    >
    >
     
    =?Utf-8?B?bG9uZG9uIGNhbGxpbmc=?=, Jul 6, 2005
    #3
  4. Karl Seguin -
    yupe i also did figure about this security matter~
    so now i thought of something...`
    when user fill in 2 textbox from a page then then click a button.... then
    function of the button is to send me email..~ so when i receive that email,
    there will display back wat they have written (how can i do this.. ? sorri
    coz i am new in .net ) and then there will be a link... the link will
    redirect me to another page where onli admin can get acces to it.. (will
    require password - this one i know how to do it)
    then onli admin will accept or reject... but how would the admin accept or
    reject? it means.. wat the user key in earlier will be displayed in the email
    AND then display it in the new form right? so how can we do this?can we get
    the text from the email and then put it back to the text in the admin page?
    ai...~ totally have no idea on how to do?:S

    so will have to please teach me step by step to do it..~ so that i can learn
    more...~

    so this matter will be much more secure right? if the user suddenly get the
    link but for sure without password he or she kenot get in to the admin page ?
    then in the admin page, when admin accept the user... and save to database
    (access) just a button to be click right? the process will be ... ? and then
    email will be sent back to the user...~
    so how can i get the user email AUTOMATICALLY from the earliest page or the
    email?

    huh.. quite troublesome? thanks for answering..~ but really in need your help
    /. thanbks..~

    Karl Seguin wrote:
    >Typically the way it would be done is to have it send you a notification
    >email...you then log into the application where you accept/decline the new
    >account.
    >
    >The problem with doing it straight from the email is that it won't at all be
    >secure...there'll be no way for the application to verify that you are
    >indeed the one clicking the ok...
    >
    >Karl
    >
    >> currently i am doing a personal website and keep on changing the aspect...
    >> finally the finall decision is to have a login page (requirement in

    >[quoted text clipped - 48 lines]
    >>
    >> regards... jason



    --
    Message posted via DotNetMonster.com
    http://www.dotnetmonster.com/Uwe/Forums.aspx/asp-net/200507/1
     
    \jason via DotNetMonster.com\, Jul 6, 2005
    #4
  5. london





    yupe i also did figure about this security matter~
    so now i thought of something...`
    when user fill in 2 textbox from a page then then click a button.... then
    function of the button is to send me email..~ so when i receive that email,
    there will display back wat they have written (how can i do this.. ? sorri
    coz i am new in .net ) and then there will be a link... the link will
    redirect me to another page where onli admin can get acces to it.. (will
    require password - this one i know how to do it)
    then onli admin will accept or reject... but how would the admin accept or
    reject? it means.. wat the user key in earlier will be displayed in the email
    AND then display it in the new form right? so how can we do this?can we get
    the text from the email and then put it back to the text in the admin page?
    ai...~ totally have no idea on how to do?:S

    so will have to please teach me step by step to do it..~ so that i can learn
    more...~

    so this matter will be much more secure right? if the user suddenly get the
    link but for sure without password he or she kenot get in to the admin page ?
    then in the admin page, when admin accept the user... and save to database
    (access) just a button to be click right? the process will be ... ? and then
    email will be sent back to the user...~
    so how can i get the user email AUTOMATICALLY from the earliest page or the
    email?

    huh.. quite troublesome? thanks for answering..~ but really in need your help
    /. thanbks..~












    london calling wrote:
    >Hi Jason, Following up on Karl's post, it would be unusual to activate
    >accounts directly from an email, as this would imply that all you had to do
    >would be to create a POST or GET to the server to activate the new account.
    >
    >In response to the Html Email part of the question: Creating one is very
    >simple
    >look at the System.Web.Mail namespace
    >
    >e.g
    >
    > 'typically you only need to set the mail server once
    > Web.Mail.SmtpMail.SmtpServer = "My SMTP Server"
    >
    > Dim m As New System.Web.Mail.MailMessage
    > With m
    > .To = myRecipientEmailAddress
    > .From = myEmailAddress
    > .Subject = myMessageSubject
    > .BodyFormat = Mail.MailFormat.Html
    > .Body = myHtmlEmailString
    > End With
    >
    > Web.Mail.SmtpMail.Send(m)
    >
    >If you want to send images embedded into the email it gets slightly more
    >complicated but can be done with MailAttachment objects and UrlContent* params
    >
    >Note that the native .Net mail components do not allow for authentication
    >with an smtp server which in some cases may make it unworkable and you may
    >need to look at 3rd party components. If it's your own smtp server (e.g IIS)
    >you can allow anonymous users but make sure you lock down the IP addresses
    >that the smtp server will send/relay messages for otherwise you're inviting
    >every spammer to do their "work" through your equipment.
    >
    >HTH jd
    >
    >> Typically the way it would be done is to have it send you a notification
    >> email...you then log into the application where you accept/decline the new

    >[quoted text clipped - 58 lines]
    >> >
    >> > regards... jason



    --
    Message posted via DotNetMonster.com
    http://www.dotnetmonster.com/Uwe/Forums.aspx/asp-net/200507/1
     
    \jason via DotNetMonster.com\, Jul 6, 2005
    #5
  6. Hi Jason, You may need to think about your architecture...
    Usually you would have a table in a database for users. In this table could
    be a field to say whether they are allowed to login (active, suspended,
    banned etc) and another one to say what roles (or permissions) they have on
    the site (you would use this information to determine whether the user can
    contribute / edit content or have access to some or all of the administration
    screens for instance) .

    In fact the permissions would often be in a seperate table joined on by
    PrimaryKey - ForeignKey relationship. This allows one user to be a member of
    many roles, which means the roles can be finer tuned (e.g to allow access to
    one admin panel instead of all admin panels).

    I would suggest you start with...

    when the user registers (asks for an account) let them choose a password at
    this point. Store their details in the database but set the AllowedToLogin
    field to false.
    Your application then sends you an email saying somebody has requested an
    account.

    You then receive the email and go to a page in your application that lists
    new user requests and from here you set the user to allowed to login (And
    update the database) or ignore their request.

    If you accept their request, the application sends them an email confirming
    that they have been accepted and can log in - and they already know their
    password.

    Alternatively your app could autogenerate a password for them and this could
    be included in the email you send them. Though it would make sense to then
    allow them to login and change their password to something they can remember.

    Look at FormsAuthentication in the MSDN Library to find out how ASP.Net
    authenticates users (checks that they are logged in). Its very simple to set
    up and can be extended if required.

    Another thing worth noting: It is more secure if you do not store the raw
    password in the database. If you hash it first (which you can do with the
    formsauthentication object or with the cryptography objects) and store the
    hash in the database. then when the user types their password you hash that
    and then compare the hashes. This means if somebody gets access to the
    database table they cannot work out what the raw password is... though it
    could be argued that the horse is well out of view by then...

    HTH jd

    ""jason via DotNetMonster.com"" wrote:

    > london
    >
    >
    >
    >
    >
    > yupe i also did figure about this security matter~
    > so now i thought of something...`
    > when user fill in 2 textbox from a page then then click a button.... then
    > function of the button is to send me email..~ so when i receive that email,
    > there will display back wat they have written (how can i do this.. ? sorri
    > coz i am new in .net ) and then there will be a link... the link will
    > redirect me to another page where onli admin can get acces to it.. (will
    > require password - this one i know how to do it)
    > then onli admin will accept or reject... but how would the admin accept or
    > reject? it means.. wat the user key in earlier will be displayed in the email
    > AND then display it in the new form right? so how can we do this?can we get
    > the text from the email and then put it back to the text in the admin page?
    > ai...~ totally have no idea on how to do?:S
    >
    > so will have to please teach me step by step to do it..~ so that i can learn
    > more...~
    >
    > so this matter will be much more secure right? if the user suddenly get the
    > link but for sure without password he or she kenot get in to the admin page ?
    > then in the admin page, when admin accept the user... and save to database
    > (access) just a button to be click right? the process will be ... ? and then
    > email will be sent back to the user...~
    > so how can i get the user email AUTOMATICALLY from the earliest page or the
    > email?
    >
    > huh.. quite troublesome? thanks for answering..~ but really in need your help
    > /. thanbks..~
    >
    >
    >
    >
    >
    >
    >
    >
    >
    >
    >
    >
    > london calling wrote:
    > >Hi Jason, Following up on Karl's post, it would be unusual to activate
    > >accounts directly from an email, as this would imply that all you had to do
    > >would be to create a POST or GET to the server to activate the new account.
    > >
    > >In response to the Html Email part of the question: Creating one is very
    > >simple
    > >look at the System.Web.Mail namespace
    > >
    > >e.g
    > >
    > > 'typically you only need to set the mail server once
    > > Web.Mail.SmtpMail.SmtpServer = "My SMTP Server"
    > >
    > > Dim m As New System.Web.Mail.MailMessage
    > > With m
    > > .To = myRecipientEmailAddress
    > > .From = myEmailAddress
    > > .Subject = myMessageSubject
    > > .BodyFormat = Mail.MailFormat.Html
    > > .Body = myHtmlEmailString
    > > End With
    > >
    > > Web.Mail.SmtpMail.Send(m)
    > >
    > >If you want to send images embedded into the email it gets slightly more
    > >complicated but can be done with MailAttachment objects and UrlContent* params
    > >
    > >Note that the native .Net mail components do not allow for authentication
    > >with an smtp server which in some cases may make it unworkable and you may
    > >need to look at 3rd party components. If it's your own smtp server (e.g IIS)
    > >you can allow anonymous users but make sure you lock down the IP addresses
    > >that the smtp server will send/relay messages for otherwise you're inviting
    > >every spammer to do their "work" through your equipment.
    > >
    > >HTH jd
    > >
    > >> Typically the way it would be done is to have it send you a notification
    > >> email...you then log into the application where you accept/decline the new

    > >[quoted text clipped - 58 lines]
    > >> >
    > >> > regards... jason

    >
    >
    > --
    > Message posted via DotNetMonster.com
    > http://www.dotnetmonster.com/Uwe/Forums.aspx/asp-net/200507/1
    >
     
    =?Utf-8?B?bG9uZG9uIGNhbGxpbmc=?=, Jul 6, 2005
    #6
  7. hehe...

    actually my main password would be something like.. capturing the user's
    windows user name
    since the application will be used here in a company so all the windows user
    name are already being set up and couldnt be changed...~ the security part i
    will put it aside as i can alwiz redesign it later on but the most important
    thing for me is the email thing... totally blur about it.. +_+"
    by the way... the email form i did already.. (er.. do you wan to have a look
    on it? if yes.. maybe i can send you an email so that u will have a better
    look on my structure? or you can alwiz email me at )

    i manage to send the email to admin (myself) and all the text user input in
    (lets say FORM 1)
    in form1 user key in text and click the send button..
    email being sent to me witrh the text he wrote in form1
    then in the email there will be a link to form2 (the hyperlink is hidden and
    secure with password * it doesnt matter for the time being) when admin (me)
    go to form 2 is it possible for me to recapture all the text in the email?
    or anyway for me to get back the wat the user typed earlier?

    from there i think i will be able to finish my important part of this
    assignment...

    er.... u clear? hmm... soo sorry for all the troublesome..

    * btw.. your idea quite great ;) maybe it is based on experience ?
    (especially on the security thing..)

    thanks sir...



    london calling wrote:
    >Hi Jason, You may need to think about your architecture...
    >Usually you would have a table in a database for users. In this table could
    >be a field to say whether they are allowed to login (active, suspended,
    >banned etc) and another one to say what roles (or permissions) they have on
    >the site (you would use this information to determine whether the user can
    >contribute / edit content or have access to some or all of the administration
    >screens for instance) .
    >
    >In fact the permissions would often be in a seperate table joined on by
    >PrimaryKey - ForeignKey relationship. This allows one user to be a member of
    >many roles, which means the roles can be finer tuned (e.g to allow access to
    >one admin panel instead of all admin panels).
    >
    >I would suggest you start with...
    >
    >when the user registers (asks for an account) let them choose a password at
    >this point. Store their details in the database but set the AllowedToLogin
    >field to false.
    >Your application then sends you an email saying somebody has requested an
    >account.
    >
    >You then receive the email and go to a page in your application that lists
    >new user requests and from here you set the user to allowed to login (And
    >update the database) or ignore their request.
    >
    >If you accept their request, the application sends them an email confirming
    >that they have been accepted and can log in - and they already know their
    >password.
    >
    >Alternatively your app could autogenerate a password for them and this could
    >be included in the email you send them. Though it would make sense to then
    >allow them to login and change their password to something they can remember.
    >
    >Look at FormsAuthentication in the MSDN Library to find out how ASP.Net
    >authenticates users (checks that they are logged in). Its very simple to set
    >up and can be extended if required.
    >
    >Another thing worth noting: It is more secure if you do not store the raw
    >password in the database. If you hash it first (which you can do with the
    >formsauthentication object or with the cryptography objects) and store the
    >hash in the database. then when the user types their password you hash that
    >and then compare the hashes. This means if somebody gets access to the
    >database table they cannot work out what the raw password is... though it
    >could be argued that the horse is well out of view by then...
    >
    >HTH jd
    >
    >> london
    >>

    >[quoted text clipped - 67 lines]
    >> >> >
    >> >> > regards... jason



    --
    Message posted via http://www.dotnetmonster.com
     
    \jason via DotNetMonster.com\, Jul 7, 2005
    #7
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Peter
    Replies:
    0
    Views:
    3,400
    Peter
    Jul 1, 2003
  2. John Silver
    Replies:
    0
    Views:
    624
    John Silver
    Feb 4, 2005
  3. Tee

    Email ErrorPage to email

    Tee, Jun 23, 2004, in forum: ASP .Net
    Replies:
    0
    Views:
    389
  4. Chuck Amadi
    Replies:
    1
    Views:
    313
    fishboy
    Jun 6, 2004
  5. pbd22
    Replies:
    1
    Views:
    169
Loading...

Share This Page