Learning from membership: registering a user

Vs comes with the registered user control createuserwizard. Although this control can be modified, it is something of others, and many places do not meet their own requirements. Therefore, we often want to create beautiful registration pages by ourselves.

Before creating the registration page, we need to configure web. config, that is, configure the membership section. The configuration of Web. config determines the creation of the registration page, for example, whether you need to register a password to prompt the question, the password to prompt the answer, whether the registered password is encrypted, and whether the registered user needs to be reviewed.

 

Code

 <membership defaultProvider="SqlProvider" userIsOnlineTimeWindow="30">
<providers>
<clear/>
<add name="SqlProvider"
                           type="System.Web.Security.SqlMembershipProvider"
                           connectionStringName="MySqlConnection"
                           applicationName="MyApplication"
                           enablePasswordRetrieval="false"
                           enablePasswordReset="true"
                           requiresQuestionAndAnswer="true"
                           requiresUniqueEmail="true"
                           passwordFormat="Hashed"/>
</providers>
</membership>

Userisonlinetimewindow: specify the number of minutes that the user is considered online after the date/timestamp of the last activity. For example, set it to 30 minutes.

Connectionstringname --- connection string, which can be modified based on your website

Enablepasswordretrieval ----- indicates whether the current membership provider is configured to allow users to retrieve their passwords. If the website needs to provide the password retrieval function and change the password function, set it to true;

Enablepasswordreset ----- indicates whether the current membership provider is configured to allow users to reset their passwords. If the website needs to provide the password modification function, it is best to set it to true;

Requiresquestionandanswer ----- This value indicates whether the default membership provider requires the user to answer the password prompt during password reset and retrieval. Same as above, if the website needs to provide password retrieval and user review functions, it needs to be set to true. If you do not need these functions, set them to false;

Requireuniqueemail ----- indicates whether the current membership provider is configured as an email of different users. Generally, this parameter is set to false;

Passwordformat ----- describe the encryption format for storing the password of a member. If it is set to clear, it is saved in plaintext. If it is set to hashed, the password is saved in hash encryption. It is saved in plain text to facilitate password modification, but the security is not high. It is highly secure to encrypt and save with a hash code, but it is very troublesome to change the password.

Maxinvalidpasswordattempts. By default, the user is allowed to enter the wrong password five times. After the wrong password is entered five times, the user will be automatically locked. Islockedout = true;

 

Minrequirednonalphanumericcharacters obtains the minimum number of special characters that a valid Password must contain. If you want to set the password at will, it is best to set it to 0

 

Minrequiredpasswordlength the minimum length required to obtain the password.

 

After configuring web. config, you can create the registration page.

The registration page can be divided into four types:

① You only need to register the user and password.

② You only need to register the user name, password, and email

③ The user name, password, and email address must be registered, and the password prompt and answer must also be provided. So that you can retrieve your password later.

④ When the user is successfully registered, the Administrator must review the user, and the user name cannot be repeated.

Regardless of the registration method, the membership. createuser method is used, but the parameters are different.

Method 1:

Membership. createuser (username, password );

Method 2:

Membership. createuser (username, password, email );

Methods 3 and 4:

Membership. createuser (username, password, email, passwordqestion, passwordanswer, isapproved, status)

Five parameters are required, including the user name, password, email address, password prompt, password prompt answer, review, and registration status.

If you want to ask the user to enter the password prompt and the password prompt answer, make two text boxes. If you do not want the user to enter the value, you can determine two fixed values.

For example:

Membership. createuser (username, password, email, "default", "default", isapproved, status );

Since we have determined two values, why should we use this overload method? It is mainly for the isapproved and status parameters, because the previous two overload methods do not have these two parameters.

Isapprove: sets the user's review status during registration. If it is set to true, the user will be automatically reviewed after registration. If it is set to false, the user can be activated only after the registration is complete and requires administrator review. The audit process is the process of changing the isapproved value from false to true through an SQL statement. Of course, you can also directly modify the database.

Status: registration status. Because successfully registered users write data to the aspnet_users and aspnet_membership tables, the primary keys of these two tables are userid rather than username. Therefore, when registering a user, the default user name and email address can be repeated. If you do not want users to register the same user name and email address, you can set it through status.

Example:

 

Code

 Protected void btnreg_click (Object sender, eventargs E)
{
Membershipcreatestatus status;
Membership. createuser (txtuser. text. trim (), txtpwd. text. trim (), txtemail. text. trim (), "default", "default", false, out status );
Switch (Status)
{
Case membershipcreatestatus. duplicateusername:

Response. Write ("<SCRIPT> alert ('user name already exists! '); Window. Location. href = Window. Location. href </SCRIPT> ");
Break;
Case membershipcreatestatus. Success:

Response. Write ("<SCRIPT> alert ('registration successful, please wait for the instructor to review '); window. Location. href = Window. Location. href </SCRIPT> ");
Break;
Case membershipcreatestatus. duplicateemail:
Response. write ("<SCRIPT> alert ('this mailbox already exists, please register with another mailbox '); window. location. href = Window. location. href </SCRIPT> ");
Break;

Default:

Response. Write ("<SCRIPT> alert ('registration error, please register again! '); Window. Location. href = Window. Location. href </SCRIPT> ");
Break;
}

}

 

 

 

The above code registration is: the password prompt questions and password prompt answers are set to "default"; isapproved is set to false, that is, the registered user needs to be reviewed (change to true if no review is required). Using the status parameter, users can avoid registering the same user name and mailbox.

If you do not need to review, you can also use the first and second registration methods. You need to set enablepasswordretrieval and requiresquestionandanswer to false in Web. config;