3

I just wanted to ask about the procedure for email verification: what's the best method? So far I have a class that stores the information from the register.aspx form, then I send out an email to the user, but what should I send him? Should I send the user a GUID?

Also, my membership class that stores the register data is stored in a session. Is this a good idea? Because if the user session times out, then the membership class will be nothing and the user will be prompted to register again in a Session Timeout webpage. Is this a good method?

But what if I send the user a GUID, then store the user data in the database with the GUID, and then check the email GUID against the corresponding user GUID in the database? What should I do?

Also, I have a regular expression that checks that the email is valid. It's not that good yet and I haven't tested it properly. Are there free email verification APIs out there?

I am using ASP.NET VB.

Joel Coehoorn
redoc01

4 Answers

3

This is in addition to the already accepted answer - I wouldn't limit the email validation to checking the Regex syntax only.

There's a free email verification API I've been using that checks a number of factors, including syntax, typos, SMTP & MX records (which verifies the actual existence of the email address), whether it's a free or disposable email, etc.

They're offering a thousand monthly requests for free - mailboxlayer.com

Friendly Crook
3

Here is what I would do:

1) Ask for user's email

2) Validate the email using Regex

3) If valid, create a Timestamp (DateTime.Now), append with user's Id and any other useful information that I need. We can use some appropriate delimiters.

4) Encrypt the data and build a URL with the encrypted token and email to user

5) When user clicks, decrypt the information, check the timestamp (perhaps there is a timeout required) and use user's Id to get its data from database.

Aliostad
  • I would not use a RegEx for email validation. Too easy to get wrong, too many RegEx authors don't account for everything email addresses support. The more reliable option is to actually connect to the user's email server and ask it to validate the address. – Remy Lebeau Dec 13 '10 at 23:04
  • Remy Lebeau, I tried to connect to the user's email server like "hotmail", but I get an error "A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 64.4.20.174:25", seems like it's getting blocked by a firewall or virus software. Is there a workaround? – redoc01 Dec 14 '10 at 13:37
  • How can I encrypt data in such a way that I can decode it afterwards? – kseen Nov 29 '11 at 13:44
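
Steps 3 to 5 of the answer above, as an added example in VB.NET that is not part of the original answer or comments. It swaps encryption for an HMAC-SHA256 signature, so the user id and expiry are readable in the link but cannot be altered or forged without the server key; the module name, function names and demo key are assumptions.

```vbnet
Imports System
Imports System.Security.Cryptography
Imports System.Text

' Added example: token = userId "." expiryTicks "." HMAC-SHA256(userId "." expiryTicks)
Public Module EmailVerificationToken

    ' Assumption: the real key comes from protected server configuration.
    ' This is a constructed demo value; never hard-code a production key.
    Private ReadOnly Key As Byte() = Encoding.UTF8.GetBytes("constructed-demo-key-0123456789ab")

    Private Function Sign(payload As String) As String
        Using h As New HMACSHA256(Key)
            Dim mac As Byte() = h.ComputeHash(Encoding.UTF8.GetBytes(payload))
            ' URL-safe Base64 so the token survives a query string unchanged.
            Return Convert.ToBase64String(mac).TrimEnd("="c).Replace("+"c, "-"c).Replace("/"c, "_"c)
        End Using
    End Function

    ' Steps 3 and 4: user id plus expiry time, followed by the signature.
    Public Function Create(userId As Integer, lifetime As TimeSpan, nowUtc As DateTime) As String
        Dim payload As String = userId.ToString() & "." & nowUtc.Add(lifetime).Ticks.ToString()
        Return payload & "." & Sign(payload)
    End Function

    ' Step 5: returns the user id, or Nothing if malformed, forged or expired.
    Public Function Validate(token As String, nowUtc As DateTime) As Integer?
        If token Is Nothing Then Return Nothing
        Dim parts As String() = token.Split("."c)
        If parts.Length <> 3 Then Return Nothing
        Dim expected As String = Sign(parts(0) & "." & parts(1))
        Dim given As String = parts(2)
        ' Compare every character so timing does not reveal the first mismatch.
        Dim diff As Integer = expected.Length Xor given.Length
        For i As Integer = 0 To Math.Min(expected.Length, given.Length) - 1
            diff = diff Or (AscW(expected(i)) Xor AscW(given(i)))
        Next
        If diff <> 0 Then Return Nothing
        ' Parse only after the signature checks out.
        Dim userId As Integer, ticks As Long
        If Not Integer.TryParse(parts(0), userId) Then Return Nothing
        If Not Long.TryParse(parts(1), ticks) Then Return Nothing
        If nowUtc.Ticks > ticks Then Return Nothing
        Return userId
    End Function
End Module
```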
1

Save the data to the database, including the GUID. Set the status of the record to "inactive". Send the email, with a link back that includes the GUID. When the link is clicked, set the registration record to "active". Only "active" records can log in.

You can't effectively validate an email address with a regexp - search this site for explanations of why.

chris
0

In .Net you should validate email addresses like this. See this question for details.

    // MailAddress is in System.Net.Mail
    MailAddress address = new MailAddress(input);

This throws an exception if the email address is invalid.

Community
MarkJ