I would like to add the ability for users to send an email to an address that automatically saves the attachments as documents and saves the email as html, etc.
I think I understand how I can write the functions, but I'm uncertain on how to ensure the security. My application is designed as single code, but each customer has their own database and subdomain. The app looks at the subdomain and determines the database to use for authentication, etc. (There is no master db.)
First, I thought sendgrid would give you a custom email address to use like a897a88s8#sendgrid.net that you could forward to for testing or real use but I don't see that anywhere. I would probably set up a separate domain
How do I ensure that emails sent from user from companyA gets saved in their db? I've thought of:
putting the company name in the email address that the user sends to "addpart-companyA#mysaasapp.com"
a custom email address with a company-wide unique key "addpart-3515645#mysaasapp.com"
The code can find the right db, look at the 'from' email address to see if it matches an existing user, then perform the desired functions. However, that doesn't seem too secure. I also am going to want several different email addresses that a user can use that performs different functions ('add to existing part, add to new part, don't add document, etc.)
I'm looking for a better setup that preferably allows for non-ugly email addresses. What do others do?
It sounds like you already have subdomains for each company. Are these used for email at all right now, or can you change the MX records for the subdomains? If you can programmatically alter your DNS, then it would be very easy to add a SendGrid parse MX record for each subdomain when it is created. Then you could use addpart#company.mysaasapp.com.
For security, I think you're on the right track with checking against a user in your database. Assuming your clients have their email properly configured, you could check SPF via the Authentication-Results header if you are concerned about spoofs.
Related
For example, let's say I'm building a bulk send workflow with the DocuSign API so that it'll be integrated into a school's website. Teachers want to be able to send out permission slips and such to all the parents through their school portal. There is currently a system already in place that makes use of embedded sending an embedded signing, but of course this only works for single envelopes. Is it possible to have a similar system for bulk?
The bulkSendingCopyRecipient object, defined in the BulkSend:createBulkSendList method page does indeed allow you to set the clientUserId for each bulk send recipient.
So you should be able to create a bulk send of envelopes that include recipients who will use an embedded signing ceremony.
Try it out and let us know if it works! (I haven't tried this myself.)
I have developed an application, which has got an approval flow. The application approval / reject is working fine and I have been tasked with developing a solution for approval through emails, instead of the users log in on to the application, which anyway uses domain credentials. The application is hosted locally, allowed locally only, and is not published onto any public IPs. This requirement of mail approvals are for Management approvals, who are on the move most of the time and will not be agreeing to go for a VPN Access of the said application.
So far I developed a solution which sends an eMail to the approval authority with 2 URLs (one for approve and other for reject). When the recipient of the mail clicks on the relevant link the action is updated in the database. Until here everything was tested and working fine.
Now in case the mail is forwarded by the authorized approver to a different email ID, they secondary recipient also will be able to click on the relevant links and get the database updated which is not the intended functionality since the secondary recipient is not an authorized approver.
Any suggestions on how to control this are desired.
Edit 1
To the 2 URLs I am sending in mail, I am adding a query string, which is a unique identifier associated with the approval authority ID.
However, if the same mail is forwarded to a secondary recipient, I am not sure on how to validate the eMail ID from which the click originated.
Edit 2
I have tried the suggestions (given in the comments below ). I have generated the mail with Request ID in the subject of the mail and requested the users to reply to that mail with only one word in body either Approve / Reject. I have ensured that the application shall process it in a case insensitive way. However, there were so many typos for one word that I could not imagine the number of combinations I had to cope up with.
I have also tried, having the Request ID in the subject of the mail, and requested the users to reply to that mail by appending either : A for approve or : R for reject (case insensitive). But this again resulted in numerous typos.
You have basically two options
have your users reply to the email with Accept or Reject like you said. In this case, you will have to validate whether the email account in the FROM field has the right to do so.
have your user click a link. In this case, you will HAVE to make the application validate the user based on his login credentials.
There is no other way to go about this. You either have to validate the email sender, or the person has to be logged in to the application. There is no other mechanism available in this scenario.
There might be different ways of implementing these two options, but those are the only options you have.
I want people to be able to vote on my site, but I don't like sites that forces registration to do this. So my question is, is the any way to vote up/down, save the votes in a database, and make sure a person can only vote once? Without using cookies, I feel like its too easy to just clear cookies and vote again.
Email "captcha" is always nice - in order to vote, user has to provide email address, you send a link to that email and calculate the vote only if user clicked on that link. One unique email can have only one vote.
You could store their ip address in the database. But that would mean that people sharing one Internet connection would not be able to vote once one person has voted. Also people with dynamic IP address could vote multiple times.
So there is nothing that would work really well apart from making them register. But you could simplify the logging in process with e.g. Facbook SDK for JavaScript (https://developers.facebook.com/docs/facebook-login/login-flow-for-web/v2.0). There are many others you can use in parallel (Facebook, Google, etc.). This way they would not have to manually register on your site. The down-side is that you require them to have a Facebook account. Some people also prefer not to tie their Facebook account to 3rd party sites (e.g. me).
You can collect details indirectly such as Operating System, IP address, Browser, Pligins which are installed, All Version Numbers in that session and produce a Hash.
By this, you can accompolish a reasonable vote ONCE on website without authentication.
Your options are as follows:
Read their IP address
Cookies
User Agent
However, the best bet is by far a login solution.
the only way without cookies is that you stores values in database by their IP adress for their identification.
but it will also not work perfectly, because
1)user can use proxy.
2)people who shared a same internet connection have the same ip adress.
Your options could be:
1- Save IP (note that IP is changed on DHCP, dialup connections and proxies)
2- OpenID as you see in stackoverflow.com (note that user can use multiple id on yahoo, facebook, ...)
3- send a link to email address (note that user may be use multiple email)
4- use cookies (note that user can delete cookies)
I am building a C# application where users creat an account and type their email address,
I know how to validate it with Regular expression, what I am having truble with is how to check if that email actually exist?
i.e. lilush#gmail.com --> is there such email address?
Thanks!
The only way to check this is to send an email to that address and make sure that you send a link that needs to be clicked to activate the account. There is no other way to check if an email is correct
Have a look at EmailVerify.NET
EmailVerify.NET is a powerful Microsoft .NET software component that verifies e-mail addresses with various tools, including:
Advanced syntax verification, according to IETF standards (RFC 2821 and RFC 2822, among others)
DNS validations, including MX record(s) lookup
Disposable e-mail address (DEA) validation
SMTP connection and availability checking
Mailbox existence checking, with greylisting and temporary unavailability support
Catch-all testing
There's only one way to do that: Send an email containing a (unique, of course) link to the address, and ask the user to click the link.
If you wanted to be really fancy you could embed an image in the email as-well. When your server detects that the image was downloaded then you know they opened the email. This also removes the need for the clicking a link thing which many people either don't trust or it doesn't work. Just a thought.
I want to send the email to the sharepoint adminsitrator when user clicks the form button. How I can achieve this ?
The simplest solution for this scenario is to create a workflow with SharePoint Designer 2007. Here is an article that describes how to create a workflow that sends an email. You can manually choose administrators you want to mail, but it is much better approach to create a SharePoint group for admins and send an email to this group.
Make sure you have properly configured SharePoint outgoing email settings.
Upvoted Toni's but since the OP tagged it as C#, the function to send emails using the Central Administration is called SPUtiliy.SendEmail. To grab the email of the user (if you dont know the email) you could go with something like SPContext.Current.Web.AllUsers["DOMAIN\login"].Email (not test environment here, syntax may be off)