I'm developing a web application in ASP.NET MVC, and I want users to be able to click on a new link and have it send an email through their default email client with information already filled in, how do I do this?
How would I do it if I wanted an email to be sent out when a new ticket was submitted in the help system?
From MSDN:
<a href="mailto:user#example.com?
subject=MessageTitle&
body=Message Content">
Contact Us</a>
If you wanted to send this email to all users of your application, you'd probably need to automate that part into a service that sends email automatically. You can send email through .NET without any interaction from the user.
Without having the particulars, I see you could do it as follows:
User adds Ticket to the database.
Asynchronous Service polls database for changes to that table.
When it encounters a new ticket, sends an email to a list of users using information from this Stack Overflow question.
The list of users would come from the database, or whatever mechanism you have in place to authenticate and authorize users. If it's Active Directory, it would come from members of that group.
Update
If the user wants to share that email with others, then why not let them pick who they want to share it with in Outlook?
At that point, you can leave off the email address and they can choose it when it pops up in their email editor:
Contact Us
That produces the following when you click on the link:
Related
I have developed an application, which has got an approval flow. The application approval / reject is working fine and I have been tasked with developing a solution for approval through emails, instead of the users log in on to the application, which anyway uses domain credentials. The application is hosted locally, allowed locally only, and is not published onto any public IPs. This requirement of mail approvals are for Management approvals, who are on the move most of the time and will not be agreeing to go for a VPN Access of the said application.
So far I developed a solution which sends an eMail to the approval authority with 2 URLs (one for approve and other for reject). When the recipient of the mail clicks on the relevant link the action is updated in the database. Until here everything was tested and working fine.
Now in case the mail is forwarded by the authorized approver to a different email ID, they secondary recipient also will be able to click on the relevant links and get the database updated which is not the intended functionality since the secondary recipient is not an authorized approver.
Any suggestions on how to control this are desired.
Edit 1
To the 2 URLs I am sending in mail, I am adding a query string, which is a unique identifier associated with the approval authority ID.
However, if the same mail is forwarded to a secondary recipient, I am not sure on how to validate the eMail ID from which the click originated.
Edit 2
I have tried the suggestions (given in the comments below ). I have generated the mail with Request ID in the subject of the mail and requested the users to reply to that mail with only one word in body either Approve / Reject. I have ensured that the application shall process it in a case insensitive way. However, there were so many typos for one word that I could not imagine the number of combinations I had to cope up with.
I have also tried, having the Request ID in the subject of the mail, and requested the users to reply to that mail by appending either : A for approve or : R for reject (case insensitive). But this again resulted in numerous typos.
You have basically two options
have your users reply to the email with Accept or Reject like you said. In this case, you will have to validate whether the email account in the FROM field has the right to do so.
have your user click a link. In this case, you will HAVE to make the application validate the user based on his login credentials.
There is no other way to go about this. You either have to validate the email sender, or the person has to be logged in to the application. There is no other mechanism available in this scenario.
There might be different ways of implementing these two options, but those are the only options you have.
I am creating a application that will send emails to users requesting some information to be filled.
The user must be able to fill the informations requested.
What should be the right approach to achieve this ,
A html form should do this or a link should be given to every different user
Email has no interactive capabilities, so you can't embed a form in the email message like you would in a webpage.
A decent solution is to embed a link in the email which takes the user to a page on your app where they can fill in a form and submit the answer to you, like with any webform.
Since you have an email for each user, you could generate the link as myapp.com/responses/${some_part_dependent_on_email}. Where the ${some_part_dependent_on_email} can be a hash of the email or some bijective function of the email. The first option requires that you do a more complex join to find out to which email a response belongs to, whereas the second one might expose users emails in the URLs, which is not so great.
Short Story: I'm a Newbie in application security. I need to implement a login via email.
Long Story: I have built a basic web chat application using SignalR, now i'm working in saving conversation in SQLServer Db. But my next challenge is to create a chat invitation email that will be send to all users from my db. The email should contain a link that when users will click they will be redirected to the chat web-page and automatically signed in.
My question is: Can it be done? And if it can, how can it be done
Thank you for your help!
Ok, the email client will not give you ability to authenticate, but you can open from email link page A which redirects user to page B on the same application. dummy page A (if application hosted on local intranet and windows authentication is configured on the application) will post to page B user identity.
I am implementing the Facebook Login widget inside my ASP.NET 4.5 C# web application. When I clicked the login button I eventually get the accessToken. My question is regarding making the user persistant in my application.
There is data that is associated with the specific facebook user. when the user log off and log in back (assuming that the cookie might be deleted), I want to be able to recognize him again to display the relevant information.
I know that I need to use the database, but what is the best practice to do so. Should I use the user ID or email address as a unique user identification string?
I am using MySQL as the backend.
I have been working on a similar application which uses either Facebook (OAuth), Google (OpenId) or a manual registration login approach.
My prefered solution was to ask the user for their email address, you will need to request extended permissions on the email field from Facebook as it is not offered up by default.
http://developers.facebook.com/docs/authentication/permissions
My table structure looks like this.
User
Id (int)
Email (nvarchar(256))
FacebookToken (nvarchar(256))
GoogleToken (nvarchar(256))
The advantage to this method is you are able to link up your users to the right account if you decide later to add another authentication / identification service or roll your own. It won;t matter if they login to FB, Google or Twitter - you always know whcih account to attach them to.
It is also useful to have an email address for each of your users regardless.
Regards
Steve
I am doing a little work with Facebook Connect and wondering how on Stack Overflow for example, you are able to login using another login provider such as Facebook or Yahoo, and for the site to be able to pick up your user details as you registered them on Stack Overflow? As far as I am aware, you could have registered using a different email address and your first name and last name are not unique identifiers, so how is it done?
It all depends on your use case. For example, I use the e-mail address as a unique identifier. When you log in with Facebook, my portal also asks your e-mail address from Facebook. Then, it searches a user object with a matching e-mail address from the database.
There are more than one ways of doing this:
Only allow login via Facebook. Then you can definitely identify all of your users via their e-mail address.
Allow logging in via Facebook and a username/password too, but require your users to use the same e-mail address in both places.
Allow logging in via Facebook and a username/password too, and allow your users to use different e-mail addresses for each. This is the most complicated option. Most sites solve this by requiring the user to 'pair' their Facebook account with their site account. This means that first time it is set up, users need to log in to the site, and while they're logged in to the site, they can log in to Facebook. Then your site stores their Facebook identity (no e-mail required in this case, just store the user id in a field). After this, the users can login via Facebook only, and you can pair their Facebook user id with the corresponding user object in your own database.
If you have any questions, just write them in the comments. :)
You would most likely add a new column on to your user table such as facebook_uid. Then, if a user has an existing account, you would get them to sign in to that first, before connecting to facebook, you can then store their facebook_uid against your existing user_id. Then if the user turns up and is already signed in to facebook, you can sign them into your website as well. If the user doesn't have an existing account on your site, you would simply create one (possibly filling it with the users name from facebook)
If you wanted to allow multiple methods of sign in, you could potentially have another table that holds a mapping between a provider (facebook,twitter,google etc) and the associated id for that account back to your user table.
The basics are, when they sign in with a 3rd party login system, you either map it to a current account on your site, or you create new account on your site if one does not already exist, and you map the account to it. You would obviously need to make this clear to your users, or have some way to merge accounts in case they aren't already signed in when they use a 3rd party. You could also potentially ask for email access from facebook and try and map that to an existing account, before creating a new one
Thanks