«

currently i am doing a personal website and keep on changing the aspect...
finally the finall decision is to have a login page (requirement in asp.net,
vb.net) and the login with security part of capturing user computer user name
i have done...
my problem is ....

i need the unregistered user to log in to my site and from there there will
be a link for them to key in their short information in a textbox and a html
email will be sent to me (as an admin) whether to accept the request or not..
~ so when i receive the html type email.. there will be extra 2 buttons (for
me to accept or reject the request right?) so is it possible to make it done?
sending using smtp server? tat is fine for me as i can use the server being
provided by our school in which i had already been given permission to do so..
..

so when the button accept being pressed.... it will automatically being saved
to my database (i am using MS access) and the user can gain access to the
site..

sending a html email? is it really can be done with ease? as i am new in .net
.... coz i am still stick to vb6.0 and find it .net quite troublesome... can
you please help me?

on every situation.. an email will be replied to the user stating his or her
status on the request..

as far as i know.. in every commersial website this can be done says for
example.. when i go to their site, and click permission to get access.. an
email will be sent to them right? then maybe it will go through a system
(server ) and then redirect the mail to admin and admin just response to the
mail.. after that the replying thing will be done solely by the system
(server)... is this how the system goes? is i am wrong....
that is the thing i wish to do but to no avail.. so really hope that you
could help in this.. thanks...

thank you...

regards... jason


--
Message posted via DotNetMonster.com
http://www.dotnetmonster.com/Uwe/For...p-net/200507/1

Typically the way it would be done is to have it send you a notification
email...you then log into the application where you accept/decline the new
account.

The problem with doing it straight from the email is that it won't at all be
secure...there'll be no way for the application to verify that you are
indeed the one clicking the ok...

Karl

--
MY ASP.Net tutorials
http://www.openmymind.net/ - New and Improved (yes, the popup is annoying)
http://www.openmymind.net/faq.aspx - unofficial newsgroup FAQ (more to
come!)


""jason via DotNetMonster.com"" <> wrote in message
news:...
> currently i am doing a personal website and keep on changing the aspect...
> finally the finall decision is to have a login page (requirement in
> asp.net,
> vb.net) and the login with security part of capturing user computer user
> name
> i have done...
> my problem is ....
>
> i need the unregistered user to log in to my site and from there there
> will
> be a link for them to key in their short information in a textbox and a
> html
> email will be sent to me (as an admin) whether to accept the request or
> not..
> ~ so when i receive the html type email.. there will be extra 2 buttons
> (for
> me to accept or reject the request right?) so is it possible to make it
> done?
> sending using smtp server? tat is fine for me as i can use the server
> being
> provided by our school in which i had already been given permission to do
> so..
> .
>
> so when the button accept being pressed.... it will automatically being
> saved
> to my database (i am using MS access) and the user can gain access to the
> site..
>
> sending a html email? is it really can be done with ease? as i am new in
> .net
> ... coz i am still stick to vb6.0 and find it .net quite troublesome...
> can
> you please help me?
>
> on every situation.. an email will be replied to the user stating his or
> her
> status on the request..
>
> as far as i know.. in every commersial website this can be done says for
> example.. when i go to their site, and click permission to get access.. an
> email will be sent to them right? then maybe it will go through a system
> (server ) and then redirect the mail to admin and admin just response to
> the
> mail.. after that the replying thing will be done solely by the system
> (server)... is this how the system goes? is i am wrong....
> that is the thing i wish to do but to no avail.. so really hope that you
> could help in this.. thanks...
>
> thank you...
>
> regards... jason
>
>
> --
> Message posted via DotNetMonster.com
> http://www.dotnetmonster.com/Uwe/For...p-net/200507/1

Hi Jason, Following up on Karl's post, it would be unusual to activate
accounts directly from an email, as this would imply that all you had to do
would be to create a POST or GET to the server to activate the new account.

In response to the Html Email part of the question: Creating one is very
simple
look at the System.Web.Mail namespace

e.g

'typically you only need to set the mail server once
Web.Mail.SmtpMail.SmtpServer = "My SMTP Server"

Dim m As New System.Web.Mail.MailMessage
With m
.To = myRecipientEmailAddress
.From = myEmailAddress
.Subject = myMessageSubject
.BodyFormat = Mail.MailFormat.Html
.Body = myHtmlEmailString
End With

Web.Mail.SmtpMail.Send(m)

If you want to send images embedded into the email it gets slightly more
complicated but can be done with MailAttachment objects and UrlContent* params

Note that the native .Net mail components do not allow for authentication
with an smtp server which in some cases may make it unworkable and you may
need to look at 3rd party components. If it's your own smtp server (e.g IIS)
you can allow anonymous users but make sure you lock down the IP addresses
that the smtp server will send/relay messages for otherwise you're inviting
every spammer to do their "work" through your equipment.

HTH jd

"Karl Seguin" wrote:

> Typically the way it would be done is to have it send you a notification
> email...you then log into the application where you accept/decline the new
> account.
>
> The problem with doing it straight from the email is that it won't at all be
> secure...there'll be no way for the application to verify that you are
> indeed the one clicking the ok...
>
> Karl
>
> --
> MY ASP.Net tutorials
> http://www.openmymind.net/ - New and Improved (yes, the popup is annoying)
> http://www.openmymind.net/faq.aspx - unofficial newsgroup FAQ (more to
> come!)
>
>
> ""jason via DotNetMonster.com"" <> wrote in message
> news:...
> > currently i am doing a personal website and keep on changing the aspect...
> > finally the finall decision is to have a login page (requirement in
> > asp.net,
> > vb.net) and the login with security part of capturing user computer user
> > name
> > i have done...
> > my problem is ....
> >
> > i need the unregistered user to log in to my site and from there there
> > will
> > be a link for them to key in their short information in a textbox and a
> > html
> > email will be sent to me (as an admin) whether to accept the request or
> > not..
> > ~ so when i receive the html type email.. there will be extra 2 buttons
> > (for
> > me to accept or reject the request right?) so is it possible to make it
> > done?
> > sending using smtp server? tat is fine for me as i can use the server
> > being
> > provided by our school in which i had already been given permission to do
> > so..
> > .
> >
> > so when the button accept being pressed.... it will automatically being
> > saved
> > to my database (i am using MS access) and the user can gain access to the
> > site..
> >
> > sending a html email? is it really can be done with ease? as i am new in
> > .net
> > ... coz i am still stick to vb6.0 and find it .net quite troublesome...
> > can
> > you please help me?
> >
> > on every situation.. an email will be replied to the user stating his or
> > her
> > status on the request..
> >
> > as far as i know.. in every commersial website this can be done says for
> > example.. when i go to their site, and click permission to get access.. an
> > email will be sent to them right? then maybe it will go through a system
> > (server ) and then redirect the mail to admin and admin just response to
> > the
> > mail.. after that the replying thing will be done solely by the system
> > (server)... is this how the system goes? is i am wrong....
> > that is the thing i wish to do but to no avail.. so really hope that you
> > could help in this.. thanks...
> >
> > thank you...
> >
> > regards... jason
> >
> >
> > --
> > Message posted via DotNetMonster.com
> > http://www.dotnetmonster.com/Uwe/For...p-net/200507/1
>
>
>

Karl Seguin -
yupe i also did figure about this security matter~
so now i thought of something...`
when user fill in 2 textbox from a page then then click a button.... then
function of the button is to send me email..~ so when i receive that email,
there will display back wat they have written (how can i do this.. ? sorri
coz i am new in .net ) and then there will be a link... the link will
redirect me to another page where onli admin can get acces to it.. (will
require password - this one i know how to do it)
then onli admin will accept or reject... but how would the admin accept or
reject? it means.. wat the user key in earlier will be displayed in the email
AND then display it in the new form right? so how can we do this?can we get
the text from the email and then put it back to the text in the admin page?
ai...~ totally have no idea on how to do?:S

so will have to please teach me step by step to do it..~ so that i can learn
more...~

so this matter will be much more secure right? if the user suddenly get the
link but for sure without password he or she kenot get in to the admin page ?
then in the admin page, when admin accept the user... and save to database
(access) just a button to be click right? the process will be ... ? and then
email will be sent back to the user...~
so how can i get the user email AUTOMATICALLY from the earliest page or the
email?

huh.. quite troublesome? thanks for answering..~ but really in need your help
/. thanbks..~

Karl Seguin wrote:
>Typically the way it would be done is to have it send you a notification
>email...you then log into the application where you accept/decline the new
>account.
>
>The problem with doing it straight from the email is that it won't at all be
>secure...there'll be no way for the application to verify that you are
>indeed the one clicking the ok...
>
>Karl
>
>> currently i am doing a personal website and keep on changing the aspect...
>> finally the finall decision is to have a login page (requirement in
>[quoted text clipped - 48 lines]
>>
>> regards... jason


--
Message posted via DotNetMonster.com
http://www.dotnetmonster.com/Uwe/For...p-net/200507/1

london





yupe i also did figure about this security matter~
so now i thought of something...`
when user fill in 2 textbox from a page then then click a button.... then
function of the button is to send me email..~ so when i receive that email,
there will display back wat they have written (how can i do this.. ? sorri
coz i am new in .net ) and then there will be a link... the link will
redirect me to another page where onli admin can get acces to it.. (will
require password - this one i know how to do it)
then onli admin will accept or reject... but how would the admin accept or
reject? it means.. wat the user key in earlier will be displayed in the email
AND then display it in the new form right? so how can we do this?can we get
the text from the email and then put it back to the text in the admin page?
ai...~ totally have no idea on how to do?:S

so will have to please teach me step by step to do it..~ so that i can learn
more...~

so this matter will be much more secure right? if the user suddenly get the
link but for sure without password he or she kenot get in to the admin page ?
then in the admin page, when admin accept the user... and save to database
(access) just a button to be click right? the process will be ... ? and then
email will be sent back to the user...~
so how can i get the user email AUTOMATICALLY from the earliest page or the
email?

huh.. quite troublesome? thanks for answering..~ but really in need your help
/. thanbks..~












london calling wrote:
>Hi Jason, Following up on Karl's post, it would be unusual to activate
>accounts directly from an email, as this would imply that all you had to do
>would be to create a POST or GET to the server to activate the new account.
>
>In response to the Html Email part of the question: Creating one is very
>simple
>look at the System.Web.Mail namespace
>
>e.g
>
> 'typically you only need to set the mail server once
> Web.Mail.SmtpMail.SmtpServer = "My SMTP Server"
>
> Dim m As New System.Web.Mail.MailMessage
> With m
> .To = myRecipientEmailAddress
> .From = myEmailAddress
> .Subject = myMessageSubject
> .BodyFormat = Mail.MailFormat.Html
> .Body = myHtmlEmailString
> End With
>
> Web.Mail.SmtpMail.Send(m)
>
>If you want to send images embedded into the email it gets slightly more
>complicated but can be done with MailAttachment objects and UrlContent* params
>
>Note that the native .Net mail components do not allow for authentication
>with an smtp server which in some cases may make it unworkable and you may
>need to look at 3rd party components. If it's your own smtp server (e.g IIS)
>you can allow anonymous users but make sure you lock down the IP addresses
>that the smtp server will send/relay messages for otherwise you're inviting
>every spammer to do their "work" through your equipment.
>
>HTH jd
>
>> Typically the way it would be done is to have it send you a notification
>> email...you then log into the application where you accept/decline the new
>[quoted text clipped - 58 lines]
>> >
>> > regards... jason


--
Message posted via DotNetMonster.com
http://www.dotnetmonster.com/Uwe/For...p-net/200507/1

Hi Jason, You may need to think about your architecture...
Usually you would have a table in a database for users. In this table could
be a field to say whether they are allowed to login (active, suspended,
banned etc) and another one to say what roles (or permissions) they have on
the site (you would use this information to determine whether the user can
contribute / edit content or have access to some or all of the administration
screens for instance) .

In fact the permissions would often be in a seperate table joined on by
PrimaryKey - ForeignKey relationship. This allows one user to be a member of
many roles, which means the roles can be finer tuned (e.g to allow access to
one admin panel instead of all admin panels).

I would suggest you start with...

when the user registers (asks for an account) let them choose a password at
this point. Store their details in the database but set the AllowedToLogin
field to false.
Your application then sends you an email saying somebody has requested an
account.

You then receive the email and go to a page in your application that lists
new user requests and from here you set the user to allowed to login (And
update the database) or ignore their request.

If you accept their request, the application sends them an email confirming
that they have been accepted and can log in - and they already know their
password.

Alternatively your app could autogenerate a password for them and this could
be included in the email you send them. Though it would make sense to then
allow them to login and change their password to something they can remember.

Look at FormsAuthentication in the MSDN Library to find out how ASP.Net
authenticates users (checks that they are logged in). Its very simple to set
up and can be extended if required.

Another thing worth noting: It is more secure if you do not store the raw
password in the database. If you hash it first (which you can do with the
formsauthentication object or with the cryptography objects) and store the
hash in the database. then when the user types their password you hash that
and then compare the hashes. This means if somebody gets access to the
database table they cannot work out what the raw password is... though it
could be argued that the horse is well out of view by then...

HTH jd

""jason via DotNetMonster.com"" wrote:

> london
>
>
>
>
>
> yupe i also did figure about this security matter~
> so now i thought of something...`
> when user fill in 2 textbox from a page then then click a button.... then
> function of the button is to send me email..~ so when i receive that email,
> there will display back wat they have written (how can i do this.. ? sorri
> coz i am new in .net ) and then there will be a link... the link will
> redirect me to another page where onli admin can get acces to it.. (will
> require password - this one i know how to do it)
> then onli admin will accept or reject... but how would the admin accept or
> reject? it means.. wat the user key in earlier will be displayed in the email
> AND then display it in the new form right? so how can we do this?can we get
> the text from the email and then put it back to the text in the admin page?
> ai...~ totally have no idea on how to do?:S
>
> so will have to please teach me step by step to do it..~ so that i can learn
> more...~
>
> so this matter will be much more secure right? if the user suddenly get the
> link but for sure without password he or she kenot get in to the admin page ?
> then in the admin page, when admin accept the user... and save to database
> (access) just a button to be click right? the process will be ... ? and then
> email will be sent back to the user...~
> so how can i get the user email AUTOMATICALLY from the earliest page or the
> email?
>
> huh.. quite troublesome? thanks for answering..~ but really in need your help
> /. thanbks..~
>
>
>
>
>
>
>
>
>
>
>
>
> london calling wrote:
> >Hi Jason, Following up on Karl's post, it would be unusual to activate
> >accounts directly from an email, as this would imply that all you had to do
> >would be to create a POST or GET to the server to activate the new account.
> >
> >In response to the Html Email part of the question: Creating one is very
> >simple
> >look at the System.Web.Mail namespace
> >
> >e.g
> >
> > 'typically you only need to set the mail server once
> > Web.Mail.SmtpMail.SmtpServer = "My SMTP Server"
> >
> > Dim m As New System.Web.Mail.MailMessage
> > With m
> > .To = myRecipientEmailAddress
> > .From = myEmailAddress
> > .Subject = myMessageSubject
> > .BodyFormat = Mail.MailFormat.Html
> > .Body = myHtmlEmailString
> > End With
> >
> > Web.Mail.SmtpMail.Send(m)
> >
> >If you want to send images embedded into the email it gets slightly more
> >complicated but can be done with MailAttachment objects and UrlContent* params
> >
> >Note that the native .Net mail components do not allow for authentication
> >with an smtp server which in some cases may make it unworkable and you may
> >need to look at 3rd party components. If it's your own smtp server (e.g IIS)
> >you can allow anonymous users but make sure you lock down the IP addresses
> >that the smtp server will send/relay messages for otherwise you're inviting
> >every spammer to do their "work" through your equipment.
> >
> >HTH jd
> >
> >> Typically the way it would be done is to have it send you a notification
> >> email...you then log into the application where you accept/decline the new
> >[quoted text clipped - 58 lines]
> >> >
> >> > regards... jason
>
>
> --
> Message posted via DotNetMonster.com
> http://www.dotnetmonster.com/Uwe/For...p-net/200507/1
>

hehe...

actually my main password would be something like.. capturing the user's
windows user name
since the application will be used here in a company so all the windows user
name are already being set up and couldnt be changed...~ the security part i
will put it aside as i can alwiz redesign it later on but the most important
thing for me is the email thing... totally blur about it.. +_+"
by the way... the email form i did already.. (er.. do you wan to have a look
on it? if yes.. maybe i can send you an email so that u will have a better
look on my structure? or you can alwiz email me at )

i manage to send the email to admin (myself) and all the text user input in
(lets say FORM 1)
in form1 user key in text and click the send button..
email being sent to me witrh the text he wrote in form1
then in the email there will be a link to form2 (the hyperlink is hidden and
secure with password * it doesnt matter for the time being) when admin (me)
go to form 2 is it possible for me to recapture all the text in the email?
or anyway for me to get back the wat the user typed earlier?

from there i think i will be able to finish my important part of this
assignment...

er.... u clear? hmm... soo sorry for all the troublesome..

* btw.. your idea quite great maybe it is based on experience ?
(especially on the security thing..)

thanks sir...



london calling wrote:
>Hi Jason, You may need to think about your architecture...
>Usually you would have a table in a database for users. In this table could
>be a field to say whether they are allowed to login (active, suspended,
>banned etc) and another one to say what roles (or permissions) they have on
>the site (you would use this information to determine whether the user can
>contribute / edit content or have access to some or all of the administration
>screens for instance) .
>
>In fact the permissions would often be in a seperate table joined on by
>PrimaryKey - ForeignKey relationship. This allows one user to be a member of
>many roles, which means the roles can be finer tuned (e.g to allow access to
>one admin panel instead of all admin panels).
>
>I would suggest you start with...
>
>when the user registers (asks for an account) let them choose a password at
>this point. Store their details in the database but set the AllowedToLogin
>field to false.
>Your application then sends you an email saying somebody has requested an
>account.
>
>You then receive the email and go to a page in your application that lists
>new user requests and from here you set the user to allowed to login (And
>update the database) or ignore their request.
>
>If you accept their request, the application sends them an email confirming
>that they have been accepted and can log in - and they already know their
>password.
>
>Alternatively your app could autogenerate a password for them and this could
>be included in the email you send them. Though it would make sense to then
>allow them to login and change their password to something they can remember.
>
>Look at FormsAuthentication in the MSDN Library to find out how ASP.Net
>authenticates users (checks that they are logged in). Its very simple to set
>up and can be extended if required.
>
>Another thing worth noting: It is more secure if you do not store the raw
>password in the database. If you hash it first (which you can do with the
>formsauthentication object or with the cryptography objects) and store the
>hash in the database. then when the user types their password you hash that
>and then compare the hashes. This means if somebody gets access to the
>database table they cannot work out what the raw password is... though it
>could be argued that the horse is well out of view by then...
>
>HTH jd
>
>> london
>>
>[quoted text clipped - 67 lines]
>> >> >
>> >> > regards... jason


--
Message posted via http://www.dotnetmonster.com