How to Implement Invitation Codes in ASP.NET MVC

Question

I have a web application built in asp.net mvc using forms authentication.

I am wondering how to properly implement a system in which new users must enter an invitation code in order to create an account on my site.

Basically, I want to use the out of the box Account Controller and models as much as possible for account creation.

Do I just need to block access to the Registration page if a user does not enter a valid invite code?

Any examples on how to accomplish this?

UPDATE:

It seems that the easiest solution would be to just make confirmation code a required field on the Registration page. However, I feel that this is not the most elegant way to solve this problem.

Another idea: Have the Registation page GET method take InviteCode as a parameter(passed in the query string) and redirect to another page if the code is null or invalid. Does anyone see any problems with this approach?

Answer 1

As an end user, I would want to enter in the code before I ever get to my account details. If I enter them in only to find out I have an invalid code, I'd be pretty angry.

So your options would likely be:

1. They enter up front (as mentioned on the reg page)
2. Enter them on the same registration page, hiding applicable form elements. 2a. Reg code is checked by ajax, and account details appear.

Reg code is posted along with account details for additional verification.

Remote validation can be used, json calls, etc to check the field.

Remote validation: http://completedevelopment.blogspot.com/2011/08/remote-ajax-validation-in-mvc3.html

or a json call to validate, or front page, or.. the options here are really up to you. The validation of the token should be easy enough and doesn't have to be related at all to your account code.