Rick Anderson
GitHub
commit
29c87b9caa
|
|
@ -78,7 +78,11 @@ Add the `[RequireHttps]` attribute to each controller. The `[RequireHttps]` attr
|
||||||
|
|
||||||
It's a best practice to confirm the email of a new user registration to verify they are not impersonating someone else (that is, they haven't registered with someone else's email). Suppose you had a discussion forum, you would want to prevent "bob@example.com" from registering as "joe@contoso.com". Without email confirmation, "joe@contoso.com" could get unwanted email from your app. Suppose Bob accidentally registered as "bib@example.com" and hadn't noticed it, he wouldn't be able to use password recovery because the app doesn't have his correct email. Email confirmation provides only limited protection from bots and doesn't provide protection from determined spammers who have many working email aliases they can use to register.
|
It's a best practice to confirm the email of a new user registration to verify they are not impersonating someone else (that is, they haven't registered with someone else's email). Suppose you had a discussion forum, you would want to prevent "bob@example.com" from registering as "joe@contoso.com". Without email confirmation, "joe@contoso.com" could get unwanted email from your app. Suppose Bob accidentally registered as "bib@example.com" and hadn't noticed it, he wouldn't be able to use password recovery because the app doesn't have his correct email. Email confirmation provides only limited protection from bots and doesn't provide protection from determined spammers who have many working email aliases they can use to register.
|
||||||
|
|
||||||
You generally want to prevent new users from posting any data to your web site before they have been confirmed by email, an SMS text message, or another mechanism. In the sections below, we will enable email confirmation and modify the code to prevent newly registered users from logging in until their email has been confirmed.
|
You generally want to prevent new users from posting any data to your web site before they have a confirmed email. In the sections below, we will enable email confirmation and modify the code to prevent newly registered users from logging in until their email has been confirmed.
|
||||||
|
|
||||||
|
Update `ConfigureServices` to require a confirmed email:
|
||||||
|
|
||||||
|
[!code-csharp[Main](accconfirm/sample/WebApplication3/src/WebApplication3/Startup.cs?highlight=11&name=snippet1)]
|
||||||
|
|
||||||
### Configure email provider
|
### Configure email provider
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -41,6 +41,7 @@ namespace WebApplication3
|
||||||
public IConfigurationRoot Configuration { get; }
|
public IConfigurationRoot Configuration { get; }
|
||||||
|
|
||||||
// This method gets called by the runtime. Use this method to add services to the container.
|
// This method gets called by the runtime. Use this method to add services to the container.
|
||||||
|
#region snippet1
|
||||||
public void ConfigureServices(IServiceCollection services)
|
public void ConfigureServices(IServiceCollection services)
|
||||||
{
|
{
|
||||||
// Add framework services.
|
// Add framework services.
|
||||||
|
|
@ -49,7 +50,10 @@ namespace WebApplication3
|
||||||
services.AddDbContext<ApplicationDbContext>(options =>
|
services.AddDbContext<ApplicationDbContext>(options =>
|
||||||
options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection")));
|
options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection")));
|
||||||
|
|
||||||
services.AddIdentity<ApplicationUser, IdentityRole>()
|
services.AddIdentity<ApplicationUser, IdentityRole>(config =>
|
||||||
|
{
|
||||||
|
config.SignIn.RequireConfirmedEmail = true;
|
||||||
|
})
|
||||||
.AddEntityFrameworkStores<ApplicationDbContext>()
|
.AddEntityFrameworkStores<ApplicationDbContext>()
|
||||||
.AddDefaultTokenProviders();
|
.AddDefaultTokenProviders();
|
||||||
|
|
||||||
|
|
@ -65,6 +69,7 @@ namespace WebApplication3
|
||||||
options.Filters.Add(new RequireHttpsAttribute());
|
options.Filters.Add(new RequireHttpsAttribute());
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
#endregion
|
||||||
|
|
||||||
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
|
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
|
||||||
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
|
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
|
||||||
|
|
|
||||||
|
|
@ -1,7 +0,0 @@
|
||||||
/// <autosync enabled="true" />
|
|
||||||
/// <reference path="../gulpfile.js" />
|
|
||||||
/// <reference path="js/site.js" />
|
|
||||||
/// <reference path="lib/bootstrap/dist/js/bootstrap.js" />
|
|
||||||
/// <reference path="lib/jquery/dist/jquery.js" />
|
|
||||||
/// <reference path="lib/jquery-validation/dist/jquery.validate.js" />
|
|
||||||
/// <reference path="lib/jquery-validation-unobtrusive/jquery.validate.unobtrusive.js" />
|
|
||||||
|
|
@ -1,44 +0,0 @@
|
||||||
body {
|
|
||||||
padding-top: 50px;
|
|
||||||
padding-bottom: 20px;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Wrapping element */
|
|
||||||
/* Set some basic padding to keep content from hitting the edges */
|
|
||||||
.body-content {
|
|
||||||
padding-left: 15px;
|
|
||||||
padding-right: 15px;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Set widths on the form inputs since otherwise they're 100% wide */
|
|
||||||
input,
|
|
||||||
select,
|
|
||||||
textarea {
|
|
||||||
max-width: 280px;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Carousel */
|
|
||||||
.carousel-caption p {
|
|
||||||
font-size: 20px;
|
|
||||||
line-height: 1.4;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* buttons and links extension to use brackets: [ click me ] */
|
|
||||||
.btn-bracketed::before {
|
|
||||||
display:inline-block;
|
|
||||||
content: "[";
|
|
||||||
padding-right: 0.5em;
|
|
||||||
}
|
|
||||||
.btn-bracketed::after {
|
|
||||||
display:inline-block;
|
|
||||||
content: "]";
|
|
||||||
padding-left: 0.5em;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Hide/rearrange for smaller screens */
|
|
||||||
@media screen and (max-width: 767px) {
|
|
||||||
/* Hide captions */
|
|
||||||
.carousel-caption {
|
|
||||||
display: none
|
|
||||||
}
|
|
||||||
}
|
|
||||||
Binary file not shown.
|
Before Width: | Height: | Size: 31 KiB |
File diff suppressed because one or more lines are too long
|
Before Width: | Height: | Size: 9.5 KiB |
File diff suppressed because one or more lines are too long
|
Before Width: | Height: | Size: 8.2 KiB |
File diff suppressed because one or more lines are too long
|
Before Width: | Height: | Size: 11 KiB |
File diff suppressed because one or more lines are too long
|
Before Width: | Height: | Size: 12 KiB |
|
|
@ -1 +0,0 @@
|
||||||
// Write your Javascript code.
|
|
||||||
Loading…
Reference in New Issue