Nathiel Barros

Reputation: 715

How to add Account Confirmation using WebApi without Identity

I have a WebApi project with Cors for the Authentication with Token and SendGrid for e-mails. I need to create a method to send an e-mail to the user so he can confirm the account. The problem is that everything I find uses IDENTITY, which is something that I'm not working with. I found this tutorial and this one and I was trying to "adapt" them to my code, but it's almost impossible, because it's all with IDENTITY.

This is what I have:

Startup class:

public void ConfigureAuth(IAppBuilder app)
{
    app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());

    // Enable the method that generates the OAuth token
    app.UseOAuthAuthorizationServer(new OAuthAuthorizationServerOptions()
    {
        TokenEndpointPath = new PathString("/Token"),
        Provider = new ApplicationOAuthProvider(),
        AccessTokenExpireTimeSpan = TimeSpan.FromDays(300),
        // Permits token requests over plain HTTP; should be false outside development
        AllowInsecureHttp = true
    });
}

And my provider:

public override Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext c)
{
    try
    {
        using (var context = new CegonhaContext())
        {
            var passValue = context.Users.Where(x => x.Email == c.UserName)
                .Select(x => x.PasswordHash).FirstOrDefault();

            var exist = Hashing.ValidatePassword(c.Password, passValue);

            if (exist)
            {
                Claim claim = new Claim(ClaimTypes.Name, c.UserName);
                Claim[] claims = new Claim[] { claim };
                ClaimsIdentity claimsIdentity = new ClaimsIdentity(
                    claims, OAuthDefaults.AuthenticationType);
                c.Validated(claimsIdentity);
            }
            return Task.FromResult<object>(null);
        }
    }
    catch (Exception)
    {
        return Task.FromResult<object>(null);
    }
}

And my Model Table:

public partial class Users
{
    [Key]
    public int id_users { get; set; }

    [StringLength(40)]
    public string Email { get; set; }

    public byte PhoneConfirmation { get; set; }

    public string PasswordHash { get; set; }

    public int LoginAttempt { get; set; }

    [StringLength(10)]
    public string UserProvider { get; set; }

    public DateTime? Datepost { get; set; }

    public int? EmailConfirmd { get; set; }

    //public string Timepost { get; set; }

    public int? id_users_data { get; set; }

    public virtual Users_data Users_data { get; set; }
}

But I have no idea how to implement an e-mail confirmation.

Upvotes: 1

Views: 908

Answers (1)

Gerben

Reputation: 363

What you are trying to do in your code is custom validation; this is why you are not able to use the Identity examples. This means that any extra logic you want in your application you have to program yourself.

This includes sending a custom validation email and handling the subsequent action of a user clicking the validation link. Because you are using ASP.NET MVC, this means you could create an action that handles a verification link. This means that when a user wants to sign up, you create an email with a link (containing some kind of one-time token; do not confuse this with the OAuth token). Then, when a user clicks this link, an ASP.NET MVC action could handle this request.

This brings me back to the identity.net examples. Rolling your own sign-in / verification and authentication methods is pretty hard and error-prone. This is why using an off-the-shelf method like ASP.NET Identity is better most of the time.

Upvotes: 1
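
One way to build the one-time token the answer describes, as an added example that is not code from the question or the answer. The class name, the `Issue`/`IsValid` methods and the two extra `Users` columns (a token hash and an expiry time) are assumptions; sending the link through SendGrid and the controller action that receives it are left out.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper: one-time e-mail confirmation tokens, stored only as a SHA-256 hash.
public static class EmailConfirmationToken
{
    // Returns the raw token to put in the e-mailed link; the caller saves
    // tokenHash and expiresUtc (assumed extra columns on the Users table).
    public static string Issue(TimeSpan lifetime, out string tokenHash, out DateTime expiresUtc)
    {
        var bytes = new byte[32];                      // 256 bits from the CSPRNG
        using (var rng = RandomNumberGenerator.Create())
            rng.GetBytes(bytes);
        string token = ToHex(bytes);
        tokenHash = Hash(token);
        expiresUtc = DateTime.UtcNow.Add(lifetime);
        return token;
    }

    // True only for an unexpired token matching the stored hash. On success the
    // caller sets EmailConfirmd and clears the stored hash so the link is single-use.
    public static bool IsValid(string presented, string storedHash, DateTime expiresUtc)
    {
        if (string.IsNullOrEmpty(presented) || string.IsNullOrEmpty(storedHash))
            return false;                              // no pending confirmation
        if (DateTime.UtcNow > expiresUtc)
            return false;                              // link expired
        return FixedTimeEquals(Hash(presented), storedHash);
    }

    private static string Hash(string token)
    {
        using (var sha = SHA256.Create())
            return ToHex(sha.ComputeHash(Encoding.UTF8.GetBytes(token)));
    }

    private static string ToHex(byte[] data) => BitConverter.ToString(data).Replace("-", "");

    // Compares without stopping at the first differing character.
    private static bool FixedTimeEquals(string a, string b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

Storing only the hash means a leaked database row cannot be turned back into a working confirmation link.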
