stackoom
  简体   繁体   中英

How can I limit registration on ASP.NET starter site?

 原文  2014-03-17 03:09:49       c#/ asp.net/ authentication

Question

ASP.NET newbie question. I'm starting with ASP.NET's Starter Site that comes with a set of built-in registration, authentication pages, and membership DB.

Now my question is, how can I restrict registration to my site? This site is for a patient practice and only patients need access.

I have read about roles, but assigning roles means the user has already registered. I don't want users created in the DB without being authorized either by email or other credentials that an admin will enter prior to registration.

Please let me know the best way to achieve this modification to the starter site template.

Thanks in advance.

1 answers

solution1
 0  2014-03-17 03:40:10

As siva.k mentioned in a comment you can remove the registration process from public access, that means users will not be able to register by themselves, an administrator must be in charge of creating users. This implies that you will need user security roles...at least if you don't want your patients to have access to administrative areas such as user management.

Another approach which will require a bit of more effort is to "send email invitations to your patients". Someone perhaps an administrator simply need to enter (at least) an email address and the system would trigger an email inviting the user to register. Obviously, this will require to have a registration page/view to be publicly accessible, but protected to only users who have been sent out an invitation. Determining whether the user is genuine or not it's quite simple. At the time the system sends out the invitation, it logs an entry in a database record...say an email address, a random unique code and perhaps an expiry date to validate the invitation. The random unique code could be whatever you want but must be unique within the system and most importantly NON-SEQUENTIAL (as in incremental integers or something like that). This code can be sent to the invited patient in the form of a url query string parameter, this url is the link to the registration page. Then, the registration page will extract this code from the url, validate it against the database record, deletes the record and then serves the registration page. If the validation fails you can easily respond with a 403 or 404 http code.

As I said, it requires a bit of effort on your side but you could make it a robust solution you can report on.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How can i access to smartcard from ASP.NET site? How can I redirect maintenance site in asp.net How can I expand asp.net identity registration with info from another table? How do I do a registration in ASP.NET MVC? How do I Limit asp:Repeater in asp.NET? suddenly I can't logging ASP.Net Site How can I exceed the 60% Memory Limit of IIS7 in ASP.NET Caching application How can I increase the JSON deserialization MaxDepth limit in my ASP.NET Core webapp How can I serialize entities from an ASP.NET MVC site to XML? How Can I Tell If My Site Is Running ASP.NET MVC or Web Forms?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM