Kevin Maxwell

Reputation: 907

How to check whether the "User" has a confirmed E-mail inside ASP.NET Identity (Web Forms)?

On my login page I want to implement a system, whereby if the user exists but doesn't have a confirmed email (IsEmailConfirmed), the user needs to verify/confirm the email.

I don't have any problem re-sending the confirmation code; my issue is where to put the statement and how to make sure the users enter the correct username and password (Users should be valid).

Login (Code Behind)

protected void LogIn(object sender, EventArgs e)
{
    // Validate the user password
    var manager = Context.GetOwinContext().GetUserManager<ApplicationUserManager>();
    var signinManager = Context.GetOwinContext().GetUserManager<ApplicationSignInManager>();

    // Require the user to have a confirmed email before they can log on.
    var user = manager.FindByName(username.Text);

    if (IsValid)
    {
        if (user != null)
        {
            // shouldLockout: true makes password failures count towards account lockout
            var result = signinManager.PasswordSignIn(username.Text, Password.Text, RememberMe.Checked, shouldLockout: true);

            switch (result)
            {
                case SignInStatus.Success:
                    IdentityHelper.RedirectToReturnUrl(Request.QueryString["ReturnUrl"],
                                                       Response);
                    break;

                case SignInStatus.LockedOut:
                    //Response.Redirect("/Account/Lockout");
                    FailureText.Text = "This account has been locked out, please try again later.";
                    ErrorMessage.Visible = true;
                    return;

                case SignInStatus.RequiresVerification:
                    Response.Redirect(String.Format("/Account/TwoFactorAuthenticationSignIn?ReturnUrl={0}&RememberMe={1}",
                                                    Request.QueryString["ReturnUrl"],
                                                    RememberMe.Checked),
                                      true);
                    break;

                case SignInStatus.Failure:
                default:
                    FailureText.Text = "Invalid login attempt";
                    ErrorMessage.Visible = true;
                    break;
            }
        }
    }
    else
    {
        FailureText.Text = "Account not found.";
        ErrorMessage.Visible = true;
    }

    //else if (IsValid & !manager.IsEmailConfirmed(user.Id))
    //{
    //    ScriptManager.RegisterStartupScript(this, this.GetType(), "LaunchServerSide", "$(function() { OpenLoginModal(); });", true);
    //    LoginModalTitle.Text = "Account Verification".ToUpper();
    //    LoginModalDetails.Text = "You must have a confirmed email account.";
    //    //ErrorMessage.Visible = true;
    //    //ResendConfirm.Visible = true;
    //}
}

I appreciate your efforts in reaching a solution for my problem.

Upvotes: 4

Views: 6734

Answers (3)

مهدی

Reputation: 442

In .NET 7, in Login.cshtml.cs:

if (result.IsLockedOut)
{
    _logger.LogWarning("User account locked out.");
    return RedirectToPage("./Lockout");
}
if (result.IsNotAllowed)
{
    // Await the lookup (needs an async handler): FindByEmailAsync returns a Task,
    // which is never null, so the un-awaited null check could not detect a missing user.
    var user = await _signInManager.UserManager.FindByEmailAsync(Input.Email);
    if (user != null)
    {
        if (!user.EmailConfirmed)
        {
            ModelState.AddModelError(string.Empty, "Account isn't active, Get Your Email & click on Active link, ");
        }
    }
    else
    {
        ModelState.AddModelError(string.Empty, "incorrect username or password"); // Email not found
    }
}
else
{
    ModelState.AddModelError(string.Empty, "incorrect username or password");
    return Page();
}

Upvotes: 0

Joachim

Reputation: 360

If I understand correctly: you want to make sure that both username and password are correct before we check if the account is active?

protected void LogIn(object sender, EventArgs e)
{
    var manager = Context.GetOwinContext().GetUserManager<ApplicationUserManager>();
    var signinManager = Context.GetOwinContext().GetUserManager<ApplicationSignInManager>();
    var user = manager.FindByName(username.Text);

    if (IsValid)
    {
        if (user != null)
        {
            var result = signinManager.PasswordSignIn(username.Text, Password.Text, RememberMe.Checked, shouldLockout: true);

            // If username and password is correct check if account is activated.
            if(!user.EmailConfirmed && result == SignInStatus.Success)
            {
                FailureText.Text = "Invalid login attempt. You must have a confirmed email account.";
                ErrorMessage.Visible = true;
                return;
            }        

            switch (result)
            {
                case SignInStatus.Success:
                    IdentityHelper.RedirectToReturnUrl(Request.QueryString["ReturnUrl"], 
                                                           Response);
                    break;
                case SignInStatus.LockedOut:
                    //Response.Redirect("/Account/Lockout");    
                    FailureText.Text = "This account has been locked out, please try again later.";
                    ErrorMessage.Visible = true;
                    return;

                case SignInStatus.RequiresVerification:
                    Response.Redirect(String.Format("/Account/TwoFactorAuthenticationSignIn?ReturnUrl={0}&RememberMe={1}",
                                                    Request.QueryString["ReturnUrl"],
                                                    RememberMe.Checked),
                                                    true);
                    break;
                case SignInStatus.Failure:
                default:
                    FailureText.Text = "Invalid login attempt";
                    ErrorMessage.Visible = true;
                    break;    
            }                
        }    
        else
        {
            FailureText.Text = "Account not found.";
            ErrorMessage.Visible = true;
        }
    }
}

Upvotes: 3

schei1

Reputation: 2487

A slight modification is needed to check if the user is confirmed. You need to check the IsEmailConfirmed property to see if the user has confirmed the account or not.

This article explains the flow and how to perform these actions pretty nicely. Snippet below is snatched from that article.

    var user = manager.FindByName(Email.Text);
    if (user != null)
    {
        if (!user.EmailConfirmed)
        {
            FailureText.Text = "Invalid login attempt. You must have a confirmed email address. Enter your email and password, then press 'Resend Confirmation'.";
            ErrorMessage.Visible = true;
            ResendConfirm.Visible = true;
        }
        else
        {
             // your other logic goes here if the user is confirmed.
             ....
        }
    }
    else 
    {
        // user does not exist.
    }

Upvotes: 2
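
An added example, not taken from any of the posts above: one way to order the checks so that the unconfirmed-email message appears only after the password has been verified, and no sign-in cookie is issued until the address is confirmed. It assumes the Web Forms Identity template's controls from the question (username, Password, RememberMe, FailureText, ErrorMessage) and the ResendConfirm button from the last answer.

```csharp
// Extension methods used below (FindByName, IsLockedOut, CheckPassword, PasswordSignIn)
// come from Microsoft.AspNet.Identity and Microsoft.AspNet.Identity.Owin.
protected void LogIn(object sender, EventArgs e)
{
    if (!IsValid) return;

    var manager = Context.GetOwinContext().GetUserManager<ApplicationUserManager>();
    var signinManager = Context.GetOwinContext().GetUserManager<ApplicationSignInManager>();
    var user = manager.FindByName(username.Text);

    // Verify the password WITHOUT signing in. PasswordSignIn issues the auth
    // cookie as part of returning Success, so the confirmation gate runs first.
    bool passwordOk = user != null
        && !manager.IsLockedOut(user.Id)
        && manager.CheckPassword(user, Password.Text);

    if (passwordOk && !user.EmailConfirmed)
    {
        // Only someone who knows the password learns the account is unconfirmed.
        FailureText.Text = "You must have a confirmed email address. Press 'Resend Confirmation'.";
        ErrorMessage.Visible = true;
        ResendConfirm.Visible = true;
        return;
    }

    // Everything else goes through PasswordSignIn so lockout counting and
    // two-factor handling still apply. Unknown user names return Failure.
    var result = signinManager.PasswordSignIn(username.Text, Password.Text,
                                              RememberMe.Checked, shouldLockout: true);
    switch (result)
    {
        case SignInStatus.Success:
            IdentityHelper.RedirectToReturnUrl(Request.QueryString["ReturnUrl"], Response);
            break;
        case SignInStatus.LockedOut:
            FailureText.Text = "This account has been locked out, please try again later.";
            ErrorMessage.Visible = true;
            break;
        case SignInStatus.RequiresVerification:
            Response.Redirect(String.Format("/Account/TwoFactorAuthenticationSignIn?ReturnUrl={0}&RememberMe={1}",
                HttpUtility.UrlEncode(Request.QueryString["ReturnUrl"]), RememberMe.Checked), true);
            break;
        default:
            // Same text for unknown user and wrong password: no account enumeration.
            FailureText.Text = "Invalid login attempt";
            ErrorMessage.Visible = true;
            break;
    }
}
```

A wrong password on an unconfirmed account still falls through to PasswordSignIn, so failed attempts keep counting towards lockout.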
