email-confirmation

Is it possible to test whether a confirm email token is expired using Identity Framework's UserManager ? No matter what the error is, from the following: var result = await UserManager.ConfirmEmailAsync(userId, code); I get a generic "Invalid Token" error. I found a way to parse the token for the date issued, which you can then check to see if is within the allowed timespan (default of 24hours if not specified). Identity.cs ApplicationUserManager public IDataProtector Protector { get; set; } public TimeSpan TokenLifespan { get; set; } ApplicationUserManager Create() // Explicitly set token

I've set up OWIN in an ASP.NET MVC app (including email confirmation). When an account is created I get an email containing a link to confirm my email. When I visit the link, I get the "Invalid Token" error. If I take that exact same link and instead change the domain to point at localhost while debugging the project, the email confirms just fine. The project is being deployed to an Azure Web Site (which I can't remote debug). I've tossed in some code to email me when confirmation fails (so that I can see the userId and code it was trying to confirm with) and I've verified that the code it's

I'm creating a PHP website which involves users signing up, and I'm wondering about best practices for "email confirmation" codes. New users must confirm their email addresses - I do this by generating a code and sending it to the user in an email, which he can then use to activate his account. Rather than storing this key in a database, I'm using a handy little workaround: the code is the result of: md5("xxxxxxxxx".$username."xxxxxxxxxxx".$timestamp."xxxxxxxxx"); Where $timestamp refers to the user-creation time. On the whole I was quite pleased with this, but then I got to thinking, is this

I'm writing a program, that sends email messages and want to know when the receiver receives the email message I've sent to him. How can I do this using JavaMail API? If I use SMTPMessage, how exactly to deal with the result after I've set the notify options? SMTPMessage smtpMsg = new SMTPMessage(msg); smtpMsg.setNotifyOptions(SMTPMessage.NOTIFY_SUCCESS); There is no standard way of doing this that's accepted and honored across the board. I see that you have some options, though: Add a header "Return-Receipt-To" with your e-mail address in the value. If the recipient of the e-mail has a client

I hope you can help me figure the best way to implement a manual (server-side initiated) login without using the password. Let me explain the workflow: User registers Thank you! An email with an activation link has been sent blablabla (Account now exists but is marked not enabled) User opens email, clicks link (Account is enabled) Thank you! You can now use the site What I'm trying to do is log in the user after he has clicked the email link so he can start using the website right away. I can't use his password since it's encrypted in the DB, is the only option writing a custom authentication