How can I require that a user verify their email address to stay logged in to an asp.net/vb.net web forms application?

  • Question

  • User-1035489207 posted

    I am using the template asp.net/vb.net web forms application with individual user accounts in VS 2017. I have it set up for email verification and that is working fine. However, although the user receives a verification email upon registration, they are still allowed to stay logged in without clicking the link in the verification email. The only thing that they can't do without verifying their email is get a password recovery email or change their password. I would like to be able to force them to verify their email before remaining logged into the site.

    I assume that I need to make changes to the code below, but I cannot figure out how/what to change.

    Protected Sub LogIn(sender As Object, e As EventArgs)
        If IsValid Then
            ' Validate the user password
            Dim manager = Context.GetOwinContext().GetUserManager(Of ApplicationUserManager)()
            Dim signinManager = Context.GetOwinContext().GetUserManager(Of ApplicationSignInManager)()

            ' This doesn't count login failures towards account lockout
            ' To enable password failures to trigger lockout, change to shouldLockout := True
            Dim result = signinManager.PasswordSignIn(Email.Text, Password.Text, RememberMe.Checked, shouldLockout := False)

            Select Case result
                Case SignInStatus.Success
                    IdentityHelper.RedirectToReturnUrl(Request.QueryString("ReturnUrl"), Response)
                    Exit Select
                Case SignInStatus.LockedOut
                    Response.Redirect("/Account/Lockout")
                    Exit Select
                Case SignInStatus.RequiresVerification
                    Response.Redirect(String.Format("/Account/TwoFactorAuthenticationSignIn?ReturnUrl={0}&RememberMe={1}",
                                                    Request.QueryString("ReturnUrl"),
                                                    RememberMe.Checked),
                                      True)
                    Exit Select
                Case Else
                    FailureText.Text = "Invalid login attempt"
                    ErrorMessage.Visible = True
                    Exit Select
            End Select
        End If
    End Sub

    Friday, June 21, 2019 3:31 PM

Answers

  • User839733648 posted

    Hi JamberFX,

    According to your description and code, I've made a test on my side.

    And I suggest that you should add an if statement to require the user to have a confirmed email before they can log on.

    You may add the following highlighted changes to your code.

    Protected Sub LogIn(ByVal sender As Object, ByVal e As EventArgs)
        If IsValid Then
            Dim manager = Context.GetOwinContext().GetUserManager(Of ApplicationUserManager)()
            Dim signinManager = Context.GetOwinContext().GetUserManager(Of ApplicationSignInManager)()

            ' Require a confirmed email before attempting the sign-in
            Dim user = manager.FindByName(Email.Text)
            If user IsNot Nothing Then
                If Not user.EmailConfirmed Then
                    FailureText.Text = "Invalid login attempt. You must have a confirmed email account."
                    ErrorMessage.Visible = True
                Else
                    Dim result = signinManager.PasswordSignIn(Email.Text, Password.Text, RememberMe.Checked, shouldLockout:=False)

                    Select Case result
                        Case SignInStatus.Success
                            IdentityHelper.RedirectToReturnUrl(Request.QueryString("ReturnUrl"), Response)
                        Case SignInStatus.LockedOut
                            Response.Redirect("/Account/Lockout")
                        Case SignInStatus.RequiresVerification
                            Response.Redirect(String.Format("/Account/TwoFactorAuthenticationSignIn?ReturnUrl={0}&RememberMe={1}",
                                                            Request.QueryString("ReturnUrl"),
                                                            RememberMe.Checked),
                                              True)
                        Case Else
                            FailureText.Text = "Invalid login attempt"
                            ErrorMessage.Visible = True
                    End Select
                End If
            Else
                ' Unknown account: show the generic failure instead of returning silently
                FailureText.Text = "Invalid login attempt"
                ErrorMessage.Visible = True
            End If
        End If
    End Sub

    For more, you could refer to the official documentation: Require Email Confirmation Before Log In

    Best Regards,

    Jenifer

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Monday, June 24, 2019 7:54 AM
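
A variant of the check in the answer above, added here as an example and not part of the original answer or the project template: it shows the "confirm your email" message only after the submitted password has been verified, so the login form does not disclose which addresses are registered but unconfirmed. It assumes the template's Login.aspx controls (`Email`, `Password`, `RememberMe`, `FailureText`, `ErrorMessage`); `ShowFailure` is a hypothetical helper introduced for the example.

```vbnet
Imports Microsoft.AspNet.Identity
Imports Microsoft.AspNet.Identity.Owin

' Added example, not the template's or the answer's code.
' Assumes the template's Login.aspx controls: Email, Password, RememberMe,
' FailureText, ErrorMessage. ShowFailure is a helper made up for this example.
Partial Public Class Login
    Inherits System.Web.UI.Page

    Protected Sub LogIn(sender As Object, e As EventArgs)
        If Not IsValid Then Return

        Dim manager = Context.GetOwinContext().GetUserManager(Of ApplicationUserManager)()
        Dim signinManager = Context.GetOwinContext().GetUserManager(Of ApplicationSignInManager)()

        ' Only a caller who supplied the correct password learns that the
        ' account exists but is unconfirmed. A wrong password falls through to
        ' PasswordSignIn, which returns the generic failure and still applies
        ' lockout counting if shouldLockout is later set to True.
        Dim user = manager.FindByName(Email.Text)
        If user IsNot Nothing AndAlso Not user.EmailConfirmed AndAlso
           Not manager.IsLockedOut(user.Id) AndAlso
           manager.CheckPassword(user, Password.Text) Then
            ShowFailure("You must confirm your email address before logging in.")
            Return
        End If

        Dim result = signinManager.PasswordSignIn(Email.Text, Password.Text,
                                                  RememberMe.Checked, shouldLockout:=False)
        Select Case result
            Case SignInStatus.Success
                IdentityHelper.RedirectToReturnUrl(Request.QueryString("ReturnUrl"), Response)
            Case SignInStatus.LockedOut
                Response.Redirect("/Account/Lockout")
            Case SignInStatus.RequiresVerification
                Response.Redirect(String.Format("/Account/TwoFactorAuthenticationSignIn?ReturnUrl={0}&RememberMe={1}",
                                                Request.QueryString("ReturnUrl"),
                                                RememberMe.Checked),
                                  True)
            Case Else
                ShowFailure("Invalid login attempt")
        End Select
    End Sub

    Private Sub ShowFailure(message As String)
        FailureText.Text = message
        ErrorMessage.Visible = True
    End Sub
End Class
```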

All replies

  • User-1035489207 posted

    Works great.  Thanks!

    Monday, June 24, 2019 10:57 AM