ptg 1164 CHAPTER 26 Using the Login Controls FIGURE 26.6 Formatting the CreateUserWizard control. These are the default form fields. The last three fields are optional. If you don’t want to require a user to enter either an email address or a security question and answer, you need to modify the configuration of the default membership provider. The web configuration file in Listing 26.13 makes both an email address and security question and answer optional. LISTING 26.13 Web.Config <?xml version=”1.0” encoding=”utf-8”?> <configuration> <system.web> <authentication mode=”Forms” /> <membership defaultProvider=”MyMembership”> <providers> <add name=”MyMembership” type=”System.Web.Security.SqlMembershipProvider” connectionStringName=”LocalSqlServer” requiresQuestionAndAnswer=”false” requiresUniqueEmail=”false” /> From the Library of Wow! eBook ptg 1165 Using the CreateUserWizard Control 26 FIGURE 26.7 An abbreviated registration form. </providers> </membership> </system.web> </configuration> If you add the web configuration file in Listing 26.13 to your application, the CreateUserWizard control does not render fields for a security question and answer. However, the CreateUserWizard control still renders an email field. If you don’t want the email form field to be rendered, you must perform an additional step. You must set the CreateUserWizard control’s RequireEmail property to the value False. If you add the page in Listing 26.14 to an application that contains the web configuration file in Listing 26.13, the email, security question, and security answer form fields are not displayed (see Figure 26.7). LISTING 26.14 CreateUserWizardShort.aspx <%@ Page Language=”C#” %> <!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Transitional//EN” “http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd”> <html xmlns=”http://www.w3.org/1999/xhtml” > <head id=”Head1” runat=”server”> From the Library of Wow! eBook ptg 1166 CHAPTER 26 Using the Login Controls <title>CreateUserWizard Short</title> </head> <body> <form id=”form1” runat=”server”> <div> <asp:CreateUserWizard id=”CreateUserWizard1” RequireEmail=”false” Runat=”server” /> </div> </form> </body> </html> WARNING Don’t set the CreateUserWizard control’s RequireEmail property to the value False when the membership provider’s requiresUniqueEmail property is set to the value True. In other words, don’t require an email address when you haven’t provided a user with a method for entering an email address. Sending a Create User Email Message You can set up the CreateUserWizard control so that it automatically sends an email when a new user registers. For example, you can send an email that contains the new user’s registered username and password to that user’s email account. WARNING Sending an unencrypted email across the Internet with a user’s password is danger- ous. However, it also is a common practice to include a password in a registration con- firmation email. The page in Listing 26.15 includes a MailDefinition property that specifies the properties of the email that is sent to a user after the user successfully registers. LISTING 26.15 CreateUserWizardEmail.aspx <%@ Page Language=”C#” %> <!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Transitional//EN” “http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd”> <html xmlns=”http://www.w3.org/1999/xhtml” > From the Library of Wow! eBook ptg 1167 Using the CreateUserWizard Control 26 <head id=”Head1” runat=”server”> <title>CreateUserWizard Email</title> </head> <body> <form id=”form1” runat=”server”> <div> <asp:CreateUserWizard id=”CreateUserWizard1” Runat=”server”> <MailDefinition BodyFileName=”Register.txt” Subject=”Registration Confirmation” From=”Admin@YourSite.com” /> </asp:CreateUserWizard> </div> </form> </body> </html> The MailDefinition class supports the following properties: . BodyFileName—Enables you to specify the path to the email message. . CC—Enables you to send a carbon copy of the email message. . EmbeddedObjects—Enables you to embed objects, such as images, in the email message. . From—Enables you to specify the FROM email address. . IsBodyHtml—Enables you to send an HTML email message. . Priority—Enables you to specify the priority of the email message. Possible values are High, Low, and Normal. . Subject—Enables you to specify the subject of the email message. The MailDefinition associated with the CreateUserWizard control in Listing 26.15 sends the contents of the text file in Listing 26.16. LISTING 26.16 Register.txt Thank you for registering! Here is your new username and password: username: <% UserName %> password: <% Password %> From the Library of Wow! eBook ptg 1168 CHAPTER 26 Using the Login Controls FIGURE 26.8 Receiving a registration email. The email message in Listing 26.16 includes two special expressions: <% UserName %> and <% Password %>. When the email is sent, the user’s registered username and password are substituted for these expressions (see Figure 26.8). NOTE You c an send a user’s password in an email me ssage even when the pas sword is encrypted or hashed by the Membership provider. The MailDefinition class uses the email server configured by the smtp element in the web configuration file. For example, the web configuration file in Listing 26.17 illustrates how you can configure the MailDefinition class to use the local SMTP server included with Internet Information Services. (You can enable the local SMTP Server by opening Internet Information Services from the Administrative Tools folder.) LISTING 26.17 Web.Config <?xml version=”1.0” encoding=”utf-8”?> <configuration> <system.net> <mailSettings> <smtp deliveryMethod=”PickupDirectoryFromIis”/> </mailSettings> </system.net> <system.web> <authentication mode=”Forms” /> </system.web> </configuration> From the Library of Wow! eBook ptg 1169 Using the CreateUserWizard Control 26 If you need to connect to a mail server located on another machine, you can use the web configuration file in Listing 26.18. In Listing 26.18, the smtp element includes a network element that specifies a mail host, username, and password. LISTING 26.18 Web.Config <?xml version=”1.0” encoding=”utf-8”?> <configuration> <system.net> <mailSettings> <smtp> <network host=”mail.YourServer.com” userName=”admin” password=”secret” /> </smtp> </mailSettings> </system.net> <system.web> <authentication mode=”Forms” /> </system.web> </configuration> NOTE If you need to customize the email message sent by the CreateUserWizard control, you can handle the CreateUserWizard control’s SendingMail event. See the CreateUserWizardCodeConfirmation.aspx page in the next section. Automatically Redirecting a User to the Referring Page When you successfully log in from the Login.aspx page, you automatically are redirected back to the original page you requested. The CreateUserWizard control, on the other hand, does not redirect you back anywhere. If you want the CreateUserWizard control to work in the same way as the Login control, you need to write some code. The Login control in Listing 26.19 includes a link to a user registration page named CreateUserWizardReturn.aspx. In the Page_Load() event handler, the value of the ReturnUrl query string parameter is added to the link to the registration page. LISTING 26.19 LoginReturn.aspx <%@ Page Language=”C#” %> <!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Transitional//EN” “http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd”> From the Library of Wow! eBook ptg 1170 CHAPTER 26 Using the Login Controls <script runat=”server”> protected void Page_Load(object sender, EventArgs e) { if (!Page.IsPostBack) { string dest = Request.QueryString[“ReturnUrl”]; Login1.CreateUserUrl = “~/CreateUserWizardReturn.aspx?ReturnUrl=” + Server.UrlEncode(dest); } } </script> <html xmlns=”http://www.w3.org/1999/xhtml” > <head id=”Head1” runat=”server”> <title>Login Return</title> </head> <body> <form id=”form1” runat=”server”> <div> <asp:Login id=”Login1” CreateUserText=”Register” CreateUserUrl=”~/CreateUserWizardReturn.aspx” Runat=”server” /> </div> </form> </body> </html> Before you use the page in Listing 26.19, you need to rename the page to Login.aspx. If a user requests a page that the user is not authorized to access, the user is automatically redirected to the Login.aspx page. The ReturnUrl parameter is automatically added to the request for Login.aspx. The page in Listing 26.20 contains a CreateUserWizard control. This page also contains a Page_Load() event handler. The value of the ReturnUrl query string parameter is used to redirect the user back to the originally requested page. LISTING 26.20 CreateUserWizardReturn.aspx <%@ Page Language=”C#” %> <!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Transitional//EN” “http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd”> <script runat=”server”> From the Library of Wow! eBook ptg 1171 Using the CreateUserWizard Control 26 void Page_Load() { if (!Page.IsPostBack) { string dest = “~/Default.aspx”; if (!String.IsNullOrEmpty(Request.QueryString[“ReturnURL”])) dest = Request.QueryString[“ReturnURL”]; CreateUserWizard1.ContinueDestinationPageUrl = dest; } } </script> <html xmlns=”http://www.w3.org/1999/xhtml” > <head id=”Head1” runat=”server”> <title>CreateUserWizard Return</title> </head> <body> <form id=”form1” runat=”server”> <div> <asp:CreateUserWizard id=”CreateUserWizard1” Runat=”server” /> </div> </form> </body> </html> Automatically Generating a Password Some websites require you to complete multiple steps when registering. For example, you must complete the following steps when registering for a new account at eBay: 1. Complete the registration form. 2. Receive an email with a confirmation code. 3. Enter the confirmation code into a form. This method of registration enables you to verify a user’s email address. If someone enters an invalid email address, the confirmation code is never received. If you need to implement this registration scenario, you need to know about the following three properties of the CreateUserWizard control: . AutoGeneratePassword—Enables the CreateUserWizard control to generate a new password automatically. From the Library of Wow! eBook ptg 1172 CHAPTER 26 Using the Login Controls . DisableCreatedUser—Enables you to disable the new user account created by the CreateUserWizard control. . LoginCreatedUser—Enables you to prevent a new user from being logged in automatically. You can send two types of confirmation email messages. First, you can generate a new password automatically and send the password to the user. In that case, you want to enable the AutoGeneratePassword property and disable the LoginCreatedUser properties. Alternatively, you can allow a new user to enter her own password and send a distinct confirmation code in the confirmation email message. In that case, you want to enable the DisableCreatedUser property and disable the LoginCreatedUser property. Let’s examine each of these scenarios in turn. The page in Listing 26.21 contains a CreateUserWizard control that does not render a pass- word form field. The control has its AutoGeneratePassword property enabled and its LoginCreatedUser property disabled. After you complete the form rendered by the CreateUserWizard control, you can click the Continue button to open the Login.aspx page. LISTING 26.21 CreateUserWizardPasswordConfirmation.aspx <%@ Page Language=”C#” %> <!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Transitional//EN” “http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd”> <html xmlns=”http://www.w3.org/1999/xhtml” > <head id=”Head1” runat=”server”> <title>CreateUserWizard Password Confirmation</title> </head> <body> <form id=”form1” runat=”server”> <div> <asp:CreateUserWizard id=”CreateUserWizard1” CompleteSuccessText=”A confirmation email containing your new password has been sent to your email address.” AutoGeneratePassword=”true” LoginCreatedUser=”false” ContinueDestinationPageUrl=”~/Login.aspx” Runat=”server”> <MailDefinition From=”Admin@YourSite.com” BodyFileName=”PasswordConfirmation.htm” IsBodyHtml=”true” Subject=”Registration Confirmation” /> </asp:CreateUserWizard> From the Library of Wow! eBook ptg 1173 Using the CreateUserWizard Control 26 </div> </form> </body> </html> WARNING Don’t set the membership provider’s passwordStrengthRegularExpression attribute when enabling the CreateUserWizard control’s AutoGeneratePassword property. The CreateUserWizard control in Listing 26.21 sends the email message contained in Listing 26.22. LISTING 26.22 PasswordConfirmation.htm <!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Transitional//EN” “http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd”> <html xmlns=”http://www.w3.org/1999/xhtml” > <head> <title>Password Confirmation</title> </head> <body> Your new password is <% Password %>. </body> </html> The email message in Listing 26.22 includes the automatically generated password. When the new user receives the automatically generated password in her inbox, she can enter the password in the Login.aspx page. In the second scenario, the user gets to choose his password. However, the user’s account is disabled until he enters his confirmation code. The CreateUserWizard control in Listing 26.23 has its DisableCreateUser property enabled and its LoginCreatedUser property disabled. LISTING 26.23 CreateUserWizardCodeConfirmation.aspx <%@ Page Language=”C#” %> <!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Transitional//EN” “http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd”> <script runat=”server”> From the Library of Wow! eBook . the Login.aspx page. LISTING 26.21 CreateUserWizardPasswordConfirmation.aspx <%@ Page Language=”C#” %> <!DOCTYPE html PUBLIC -/ /W3C//DTD XHTML 1.0 Transitional//EN” “http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd”>. are not displayed (see Figure 26.7). LISTING 26. 14 CreateUserWizardShort.aspx <%@ Page Language=”C#” %> <!DOCTYPE html PUBLIC -/ /W3C//DTD XHTML 1.0 Transitional//EN” “http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd”>. LoginCreatedUser property disabled. LISTING 26.23 CreateUserWizardCodeConfirmation.aspx <%@ Page Language=”C#” %> <!DOCTYPE html PUBLIC -/ /W3C//DTD XHTML 1.0 Transitional//EN” “http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd”>