I am using the template asp.net/vb.net web forms application with individual user accounts in VS 2017. I have it setup for email verification and that is working fine. However, although the user receives a verification email upon registration, they are
still allowed to stay logged in without clicking the link in the verification email. The only thing that they can't do without verifying their email is get a password recovery email or change their password. I would like to be able force them to verify their
email before remaining logged into the site.
I assume that I need to make changes to the code below, but I cannot figure out how/what to change.
Protected Sub LogIn(sender As Object, e As EventArgs)
If IsValid Then
' Validate the user password
Dim manager = Context.GetOwinContext().GetUserManager(Of ApplicationUserManager)()
Dim signinManager = Context.GetOwinContext().GetUserManager(Of ApplicationSignInManager)()
' This doesn't count login failures towards account lockout
' To enable password failures to trigger lockout, change to shouldLockout := True
Dim result = signinManager.PasswordSignIn(Email.Text, Password.Text, RememberMe.Checked, shouldLockout := False)
Select Case result
Case SignInStatus.Success
IdentityHelper.RedirectToReturnUrl(Request.QueryString("ReturnUrl"), Response)
Exit Select
Case SignInStatus.LockedOut
Response.Redirect("/Account/Lockout")
Exit Select
Case SignInStatus.RequiresVerification
Response.Redirect(String.Format("/Account/TwoFactorAuthenticationSignIn?ReturnUrl={0}&RememberMe={1}",
Request.QueryString("ReturnUrl"),
RememberMe.Checked),
True)
Exit Select
Case Else
FailureText.Text = "Invalid login attempt"
ErrorMessage.Visible = True
Exit Select
End Select
End If
End Sub
According to your descriptiona and code, I've made a test on my side.
And I suggest that you should add an if statement to require the user to have a confirmed email before they can log on.
You may add the following highlighted changes to your code.
Protected Sub LogIn(ByVal sender As Object, ByVal e As EventArgs)
If IsValid Then
Dim manager = Context.GetOwinContext().GetUserManager(Of ApplicationUserManager)()
Dim signinManager = Context.GetOwinContext().GetUserManager(Of ApplicationSignInManager)()
Dim user = manager.FindByName(Email.Text)
If user IsNot Nothing Then
If Not user.EmailConfirmed Then
FailureText.Text = "Invalid login attempt. You must have a confirmed email account."
ErrorMessage.Visible = True
Else
Dim result = signinManager.PasswordSignIn(Email.Text, Password.Text, RememberMe.Checked, shouldLockout:=False)
Select Case result
Case SignInStatus.Success
IdentityHelper.RedirectToReturnUrl(Request.QueryString("ReturnUrl"), Response)
Case SignInStatus.LockedOut
Response.Redirect("/Account/Lockout")
Case SignInStatus.RequiresVerification
Response.Redirect(String.Format("/Account/TwoFactorAuthenticationSignIn?ReturnUrl={0}&RememberMe={1}", Request.QueryString("ReturnUrl"), RememberMe.Checked), True)
Case Else
FailureText.Text = "Invalid login attempt"
ErrorMessage.Visible = True
End Select
End If
End If
End If
End Sub
MSDN Community Support
Please remember to click "Mark as Answer" the responses that resolved your issue.
If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.
Member
4 Points
30 Posts
How can I require that a user verify their email address to stay logged in to a asp.net/vb.net we...
Jun 21, 2019 03:31 PM|JamberFX|LINK
I am using the template asp.net/vb.net web forms application with individual user accounts in VS 2017. I have it setup for email verification and that is working fine. However, although the user receives a verification email upon registration, they are still allowed to stay logged in without clicking the link in the verification email. The only thing that they can't do without verifying their email is get a password recovery email or change their password. I would like to be able force them to verify their email before remaining logged into the site.
I assume that I need to make changes to the code below, but I cannot figure out how/what to change.
Protected Sub LogIn(sender As Object, e As EventArgs) If IsValid Then ' Validate the user password Dim manager = Context.GetOwinContext().GetUserManager(Of ApplicationUserManager)() Dim signinManager = Context.GetOwinContext().GetUserManager(Of ApplicationSignInManager)() ' This doesn't count login failures towards account lockout ' To enable password failures to trigger lockout, change to shouldLockout := True Dim result = signinManager.PasswordSignIn(Email.Text, Password.Text, RememberMe.Checked, shouldLockout := False) Select Case result Case SignInStatus.Success IdentityHelper.RedirectToReturnUrl(Request.QueryString("ReturnUrl"), Response) Exit Select Case SignInStatus.LockedOut Response.Redirect("/Account/Lockout") Exit Select Case SignInStatus.RequiresVerification Response.Redirect(String.Format("/Account/TwoFactorAuthenticationSignIn?ReturnUrl={0}&RememberMe={1}", Request.QueryString("ReturnUrl"), RememberMe.Checked), True) Exit Select Case Else FailureText.Text = "Invalid login attempt" ErrorMessage.Visible = True Exit Select End Select End If End SubContributor
2150 Points
705 Posts
Re: How can I require that a user verify their email address to stay logged in to a asp.net/vb.ne...
Jun 24, 2019 07:54 AM|Jenifer Jiang|LINK
Hi JamberFX,
According to your descriptiona and code, I've made a test on my side.
And I suggest that you should add an if statement to require the user to have a confirmed email before they can log on.
You may add the following highlighted changes to your code.
Protected Sub LogIn(ByVal sender As Object, ByVal e As EventArgs) If IsValid Then Dim manager = Context.GetOwinContext().GetUserManager(Of ApplicationUserManager)() Dim signinManager = Context.GetOwinContext().GetUserManager(Of ApplicationSignInManager)()Dim user = manager.FindByName(Email.Text) If user IsNot Nothing Then If Not user.EmailConfirmed Then FailureText.Text = "Invalid login attempt. You must have a confirmed email account." ErrorMessage.Visible = True Else Dim result = signinManager.PasswordSignIn(Email.Text, Password.Text, RememberMe.Checked, shouldLockout:=False) Select Case result Case SignInStatus.Success IdentityHelper.RedirectToReturnUrl(Request.QueryString("ReturnUrl"), Response) Case SignInStatus.LockedOut Response.Redirect("/Account/Lockout") Case SignInStatus.RequiresVerification Response.Redirect(String.Format("/Account/TwoFactorAuthenticationSignIn?ReturnUrl={0}&RememberMe={1}", Request.QueryString("ReturnUrl"), RememberMe.Checked), True) Case Else FailureText.Text = "Invalid login attempt" ErrorMessage.Visible = True End Select End If End If End If End Sub
For more, you could refer to the official documentation: Require Email Confirmation Before Log In
Best Regards,
Jenifer
Please remember to click "Mark as Answer" the responses that resolved your issue.
If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.
Member
4 Points
30 Posts
Re: How can I require that a user verify their email address to stay logged in to a asp.net/vb.ne...
Jun 24, 2019 10:57 AM|JamberFX|LINK
Works great. Thanks!