I am building a C# application where users creat an account and type their email address,
I know how to validate it with Regular expression, what I am having truble with is how to check if that email actually exist?
i.e. lilush#gmail.com --> is there such email address?
Thanks!
The only way to check this is to send an email to that address and make sure that you send a link that needs to be clicked to activate the account. There is no other way to check if an email is correct
Have a look at EmailVerify.NET
EmailVerify.NET is a powerful Microsoft .NET software component that verifies e-mail addresses with various tools, including:
Advanced syntax verification, according to IETF standards (RFC 2821 and RFC 2822, among others)
DNS validations, including MX record(s) lookup
Disposable e-mail address (DEA) validation
SMTP connection and availability checking
Mailbox existence checking, with greylisting and temporary unavailability support
Catch-all testing
There's only one way to do that: Send an email containing a (unique, of course) link to the address, and ask the user to click the link.
If you wanted to be really fancy you could embed an image in the email as-well. When your server detects that the image was downloaded then you know they opened the email. This also removes the need for the clicking a link thing which many people either don't trust or it doesn't work. Just a thought.
Related
I want people to be able to vote on my site, but I don't like sites that forces registration to do this. So my question is, is the any way to vote up/down, save the votes in a database, and make sure a person can only vote once? Without using cookies, I feel like its too easy to just clear cookies and vote again.
Email "captcha" is always nice - in order to vote, user has to provide email address, you send a link to that email and calculate the vote only if user clicked on that link. One unique email can have only one vote.
You could store their ip address in the database. But that would mean that people sharing one Internet connection would not be able to vote once one person has voted. Also people with dynamic IP address could vote multiple times.
So there is nothing that would work really well apart from making them register. But you could simplify the logging in process with e.g. Facbook SDK for JavaScript (https://developers.facebook.com/docs/facebook-login/login-flow-for-web/v2.0). There are many others you can use in parallel (Facebook, Google, etc.). This way they would not have to manually register on your site. The down-side is that you require them to have a Facebook account. Some people also prefer not to tie their Facebook account to 3rd party sites (e.g. me).
You can collect details indirectly such as Operating System, IP address, Browser, Pligins which are installed, All Version Numbers in that session and produce a Hash.
By this, you can accompolish a reasonable vote ONCE on website without authentication.
Your options are as follows:
Read their IP address
Cookies
User Agent
However, the best bet is by far a login solution.
the only way without cookies is that you stores values in database by their IP adress for their identification.
but it will also not work perfectly, because
1)user can use proxy.
2)people who shared a same internet connection have the same ip adress.
Your options could be:
1- Save IP (note that IP is changed on DHCP, dialup connections and proxies)
2- OpenID as you see in stackoverflow.com (note that user can use multiple id on yahoo, facebook, ...)
3- send a link to email address (note that user may be use multiple email)
4- use cookies (note that user can delete cookies)
We have this requirement where we send an email to a user where he can click yes or no. Based on the click some action would take place. But if the user forwards it to someone, and if they click on the buttons nothing should happen.
One way to make this happen is to have the recipient of the email to sign in, before he can click. But ideally, we would like to avoid that.
How can this be done if we don't want the user to sign in?
This is a bona-fide e-mail that arrives in someone's gmail inbox or something, I'm assuming? If that's the case, you are going to have to authenticate them one way or another using your system.
Some kind of HTML-format email with image/links on it to direct to your site, the links including some kind of unique-key that you can use to look up the user who received the e-mail with said unique-key, prepopulating the user ID field, and them having to supply their password to authenticate.
That's about the only way I can imagine it working, unless you are relying on the user having some kind of third-party identity-verification service like uh... what's the Microsoft one called, Passport? I'm very unfamiliar with that.
I am developing an MVC 4 app and use the OAuth providers provided by MS, but I would like to get an e-mail address for every user. For Google (default) and Facebook (using FacebookClient) I already get the users address, but what to do about the following:
Twitter (I have read it is not possible - still true?)
Microsoft - solved (see comments)
Yahoo - works (see comment)
LinkedIn - solved via own provider like for MS
And what about, when it is not possible via OAuth like with Twitter?
I've read in different threads it is not good/secure to just ask the user for it. Is it "secure enough" if I also require a verification via e-mail to actually use the address (but not the account in general) as I (will) do when changing the address?
The purpose of OAuth is not to provide email addresses, its to provide authentication in a standardized way. Just because a lot of the implementations also happen to give you the option of an email address doesn't mean that all of them must comply. Twitter is a case in point.
Why would asking a user for their email address not be "secure"?
I would question that, I mean if you can't trust a users input regarding their email address, what can you trust them with? If you're using some sort of confirmation mail system it would surely be fine?
I would like to add the ability for users to send an email to an address that automatically saves the attachments as documents and saves the email as html, etc.
I think I understand how I can write the functions, but I'm uncertain on how to ensure the security. My application is designed as single code, but each customer has their own database and subdomain. The app looks at the subdomain and determines the database to use for authentication, etc. (There is no master db.)
First, I thought sendgrid would give you a custom email address to use like a897a88s8#sendgrid.net that you could forward to for testing or real use but I don't see that anywhere. I would probably set up a separate domain
How do I ensure that emails sent from user from companyA gets saved in their db? I've thought of:
putting the company name in the email address that the user sends to "addpart-companyA#mysaasapp.com"
a custom email address with a company-wide unique key "addpart-3515645#mysaasapp.com"
The code can find the right db, look at the 'from' email address to see if it matches an existing user, then perform the desired functions. However, that doesn't seem too secure. I also am going to want several different email addresses that a user can use that performs different functions ('add to existing part, add to new part, don't add document, etc.)
I'm looking for a better setup that preferably allows for non-ugly email addresses. What do others do?
It sounds like you already have subdomains for each company. Are these used for email at all right now, or can you change the MX records for the subdomains? If you can programmatically alter your DNS, then it would be very easy to add a SendGrid parse MX record for each subdomain when it is created. Then you could use addpart#company.mysaasapp.com.
For security, I think you're on the right track with checking against a user in your database. Assuming your clients have their email properly configured, you could check SPF via the Authentication-Results header if you are concerned about spoofs.
I want to send the email to the sharepoint adminsitrator when user clicks the form button. How I can achieve this ?
The simplest solution for this scenario is to create a workflow with SharePoint Designer 2007. Here is an article that describes how to create a workflow that sends an email. You can manually choose administrators you want to mail, but it is much better approach to create a SharePoint group for admins and send an email to this group.
Make sure you have properly configured SharePoint outgoing email settings.
Upvoted Toni's but since the OP tagged it as C#, the function to send emails using the Central Administration is called SPUtiliy.SendEmail. To grab the email of the user (if you dont know the email) you could go with something like SPContext.Current.Web.AllUsers["DOMAIN\login"].Email (not test environment here, syntax may be off)