I am using a link button in a mail which will be sent to different persons (Consider same mail server). If a user clicks from his mail, he will be redirected to a particular Web API.
I need to know "which mail user has clicked the link button?" from the mail.
TIA.
You would need to add a link to the button in the email which passed a unique identifying token to the page that you could then track.
Some systems will have the link go through to a tracking link first that logs the link press and the redirects the user to the final destination. This is a common pattern used by systems like MailChimp.
Related
I am designing some Forgot Password functionality in an ASP.NET application, and had a question about the best way to secure the endpoint where a user can reset their password.
How I imagine this to work is (roughly) the following:
User clicks 'Forgot Password' on the login form
User is taken to a screen where they will enter their email associated with their account
User is then taken to a screen where they can answer some security questions (required by my company)
After answering questions correctly, the user will be sent an email containing a link.
User clicks the link in their email which will take them to a password reset form
My question here is, how can I ensure that when someone arrives at this password reset form that they arrived there from clicking on that email link, and didn't just manually type in the URL to get there?
One solution I've thought of was to encrypt some data and append it as a parameter in the URL inside the email. So when they click that link, I can decrypt the data and ensure it came from a valid email before serving the form. But I'm not sure the best way to go about this.
A solution consists of creating a token that can be used once on the reset page. You send by email a link similar to https://example.com/PasswordLost?token=467dc4ad9acf4, then the site checks that the token is valid and displays the password change page. To add more security it is possible to limit the validity of the token in time: about ten minutes are largely sufficient. Once in use, the token should no longer be usable.
There are many ways to generate the token. You can generate a random string and store it in a database with the associated email address and the expiration date of the token. Then, you can validate it by querying the database. The other solution that I prefer, is to generate a token that is ciphered by the server. Then, you can decipher it and validate the data it contains (user email and expiration date, last password changed date). This way you don't have to store anything on the server. This is what ASP.NET Core Identity does.
You can read my blog post about how to implement Password reset feature in a web application? for more information.
I am using Microsoft Graph API v1.0 to list all user emails in hero card with a subject, from and mail body. I added a new button named "Reply" with card action.
CardAction(ActionTypes.OpenUrl, "Reply", value: "<<Reply URL>>")
Requirement:
When I click "Reply", a new tab should open with a specific email account (Gmail, Outlook.com, Office 365 etc.) to send the reply from.
Note:
User is already authenticated with specific account in browser.
Reply To participants is optional when I click that button
I am implementing this in Bot Framework V3
Example: I logged into my web outlook account in the browser, when I click "Reply" along with previous messages email thread, it will show us to write mail body, add participants in reply to (in case if we need to add more).
So my requirement of "Reply" button in hero card should work like as example I mentioned.
Is this even possible to provide a WEB LINK for that reply button in hero card of each email? If Yes could let me know for which type of email account supports?
Could someone explain to me how to send a verification email, without using asp.net usercreation wizard, i want it so that when the email is sent, it will contain a url link to activate an account
First Add a field to Users table called RegisterGuidId with type uniqueidentifier
Second after registration send a normal email to user with link to your activation page with new generated RegisterGuidId
Third after user redirected to you activation page use the generated guid to get user data from database
Basically what you need to do is, when the user registers generate a hash that is specific to the user (ideally something that can't be predicted by the bad guys) -> send this hash to the email that the user provided.
If you get a request with the url/hash that means he verified his account.
That's the basic idea anyway.
I have an asp.net site where I am using a XML based Tiny Membership provider. I want to send an email on email address provided by user while he creates an account on my site, which will have link. Its only after clicking on this link I want his account to get activated. How can incorporate this functionality in existing default behavior of Membership Provider?
When you create the user, set MembershipUser.IsApproved to false, and send an email with the link to the new user. The Membership.CreateUser method has a parameter isApproved for this purpose.
When the user clicks on the link, validate then set MembershipUser.IsApproved to true.
In the new user registration page, how to check whether the email id entered by a user is valid? I want to check the entered email id actually exists before the user submits his information. Please do not give code for checking email id string using regular expression, I want to check whether the entered email id actually exists.
You can not "check" that reliably. You need to "ask", send an email to that address with a secret code that your users must enter on your site, or a link with the secret code that the user must click.
Edit: About the reliably part.
While an SMTP server may respond that a mail address is invalid they usually don't, because that would help spammers identify valid addresses more easily. That would also require your code to talk directly to the SMTP servers responsible for each domain. Usually you send mail though your local SMTP server that does the job of forwarding the mail to the right recipient(s).
What you can do however is at least check that the domain exists by asking your favorite DNS service.
In order to do this, you'd need to telnet to the email provider in order to check if it exists. Hotmail, for one, will not allow you to do this.
You should be using membership system for your ASP.net registration form.
Here is a good article explaining how it all works:
https://web.archive.org/web/20211020202857/http://www.4guysfromrolla.com/articles/120705-1.aspx
Including a page on how to verify email addresses like you describe
The only 100% accurate method is to send it an email and ask the user to click a link in that email to complete registration.
Short of that, there is a falible method of connecting to the mailserver. I'll see if I can find a good article(here you go) and edit this post with a link shortly.
This depends on the email provider. most of the providers block this option to prevent spammers from knowing which address is valid...