Hi,
Following this example I have created a member register controller which sends out a verification email to the user.
Once the use clicks on the verification link (http://dev.website.com/umbraco/surface/RegisterSurface/MemberValidation?email=email@gmail.com&guid=xxxx)
the below action is called.
My problem is that I cant login the user as the password stored in the IMember is Row thus Members.Login() fails.
How should I bypass this?
[HttpGet]
[ActionName("MemberValidation")]
public ActionResult MemberValidation(string email, string guid)
{
if (email == null || guid == null)
{
Session["validateStatus"] = "error";
Session["validateMessage"] = "Error validating your email address";
return RedirectToUmbracoPage(Umbraco.TypedContentSingleAtXPath("//Home").Id);
}
var memberService = Services.MemberService;
var member = memberService.GetByEmail(email);
if (member.GetValue("validateguid").ToString().ToLower() == guid)
{
member.IsApproved = true;
memberService.Save(member);
***Where Im stuck***
if (Members.Login(member.Username, member.RawPasswordValue))
{
Session["validateStatus"] = "success";
Session["member"] = member;
return RedirectToUmbracoPage(Umbraco.TypedContentSingleAtXPath("//AccountSettings").Id);
}
}
Session["validateStatus"] = "error";
Session["validateMessage"] = "Sorry - we can't seem to validate your email address";
return RedirectToUmbracoPage(Umbraco.TypedContentSingleAtXPath("//Home").Id);
}
Hi,
You shouldn't rely on attempting to retrieve a password on a member; that's not what that field is for - it doesn't provide the clear-text password but rather an encrypted value.
Instead, to log a member in programmatically you can do the following:
Validate the User account (you're doing this already - to an extent) - typically this includes making sure the member isn't locked out; is enabled; hasn't exceeded the maximum password attempts; etc.
On the surface that's all there is to it the most complex part is the account validation - if you take a look at Umbraco's source code you'll find a fairly comprehensive implementation here:
Members Login following Validation
Hi, Following this example I have created a member register controller which sends out a verification email to the user. Once the use clicks on the verification link (http://dev.website.com/umbraco/surface/RegisterSurface/MemberValidation?email=email@gmail.com&guid=xxxx) the below action is called.
My problem is that I cant login the user as the password stored in the IMember is Row thus Members.Login() fails.
How should I bypass this?
Hi, You shouldn't rely on attempting to retrieve a password on a member; that's not what that field is for - it doesn't provide the clear-text password but rather an encrypted value.
Instead, to log a member in programmatically you can do the following:
Log them in:
FormsAuthentication.SetAuthCookie(member.UserName, true);On the surface that's all there is to it the most complex part is the account validation - if you take a look at Umbraco's source code you'll find a fairly comprehensive implementation here:
Umbraco.Web.Security.Providers.UmbracoMembershipProvider.ValidateUser(string username, string password) (514 - 603)
Don't get caught up on line 550 - it uses CheckPassword to verify the provided password against RawPasswordValue by encrypting it first.
Thanks for the tip. Works great. So I understand that UmbracoMembershipProvider is an extension to provide a secure layer for member service?
UmbracoMembershipProvideris just that - a custom MembershipProvider built by Umbraco - similar to the built-in DotNet MembershipProvider...is working on a reply...
This forum is in read-only mode while we transition to the new forum.
You can continue this topic on the new forum by tapping the "Continue discussion" link below.