
.NET Forum / ASP.NET / General / May 2007


help in approach needed

ziros - 29 May 2007 09:48 GMT
Hello.
I'll explain the needs first of all.

We need to send a link by email (to an existing customer) so that when he
presses the link his data will show on a form which he can update.

We need to ensure a couple of things:

1) The link we are sending to his email has an id with the customer ID. How do
we prevent the customer from changing the id and maybe seeing others' data?

2) We do not want to use a user_id, password mechanism to let him log on to
the form the link redirects to. Are there any other ways to ensure that the
customer won't pass his email with his link to someone else?

We thought that maybe instead of the link we will send a small form with a
button, and when the user clicks on it we can maybe take his email from his
email client and compare that email to the one in our DB, to ensure that
he/she is right now using the form we want. Is this possible?

TIA for any direction
Alexey Smirnov - 29 May 2007 10:28 GMT
> 1) The link we are sending to his email has an id with the customer ID. How do
> we prevent the customer from changing the id and maybe seeing others' data?

Create a table EmailForm

CustomerID   UniqueEmailID
1            33ad06ca-ed68-41a2-ab37-d95be21b590e
2            f69403f3-3083-4760-b692-965640f9d712

and send a link in the following format

Email.aspx?UniqueEmailID=f69403f3-3083-4760-b692-965640f9d712

This will ensure that the customer will access only his own data.

Such UniqueEmailID can be generated using the System.Guid.NewGuid()
method.

> 2) We do not want to use a user_id, password mechanism to let him log on to
> the form the link redirects to. Are there any other ways to ensure that the
> customer won't pass his email with his link to someone else?

I don't think it's possible.
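
The token table from the reply above, as an added C# example that is not code from the thread: the page resolves the customer only from the UniqueEmailID value, so editing the URL cannot select another customer's row. The class name EmailFormTokens, the in-memory dictionary standing in for the EmailForm table, the RandomNumberGenerator value used in place of Guid.NewGuid(), the hashed storage and the expiry are assumptions of this example.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

// Hypothetical in-memory stand-in for the EmailForm table (CustomerID, UniqueEmailID).
public sealed class EmailFormTokens
{
    private sealed class Entry { public int CustomerId; public DateTime ExpiresUtc; }
    // Keyed by SHA-256 of the token, so a copy of the table cannot be replayed as links.
    private readonly Dictionary<string, Entry> _rows = new Dictionary<string, Entry>();
    private readonly TimeSpan _lifetime;
    public EmailFormTokens(TimeSpan lifetime) { _lifetime = lifetime; }

    // Returns the value to place in Email.aspx?UniqueEmailID=...
    public string Issue(int customerId, DateTime nowUtc)
    {
        byte[] raw = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(raw);
        string token = new Guid(raw).ToString("D");   // same 8-4-4-4-12 shape as in the post
        _rows[Hash(token)] = new Entry { CustomerId = customerId, ExpiresUtc = nowUtc + _lifetime };
        return token;
    }

    // Maps the query-string value to a customer; no customer ID is ever read from the URL.
    public bool TryResolve(string queryValue, DateTime nowUtc, out int customerId)
    {
        customerId = 0;
        Guid parsed; Entry row;
        if (!Guid.TryParseExact(queryValue, "D", out parsed)) return false;        // malformed
        if (!_rows.TryGetValue(Hash(parsed.ToString("D")), out row)) return false; // unknown
        if (nowUtc >= row.ExpiresUtc) return false;                                // expired
        customerId = row.CustomerId;
        return true;
    }
    private static string Hash(string token)
    {
        using (var sha = SHA256.Create())
            return Convert.ToBase64String(sha.ComputeHash(System.Text.Encoding.ASCII.GetBytes(token)));
    }
    public static void Main()
    {
        var store = new EmailFormTokens(TimeSpan.FromDays(7));   // constructed lifetime
        DateTime now = DateTime.UtcNow; int id;
        string token = store.Issue(2, now);                      // constructed customer ID
        Console.WriteLine(store.TryResolve(token, now, out id) + " " + id);              // issued link
        Console.WriteLine(store.TryResolve(Guid.NewGuid().ToString("D"), now, out id));  // altered value
        Console.WriteLine(store.TryResolve(token, now.AddDays(8), out id));              // after expiry
    }
}
```
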
Eliyahu Goldin - 29 May 2007 10:36 GMT
> Hello.
> I'll explain the needs first of all.
[quoted text clipped - 8 lines]
> 1) The link we are sending to his email has an id with the customer ID. How do
> we prevent the customer from changing the id and maybe seeing others' data?
You can generate random ids in a sophisticated format so that it won't be
easy to guess someone else's id.

> 2) We do not want to use a user_id, password mechanism to let him log on to
> the form the link redirects to. Are there any other ways to ensure that the
> customer won't pass his email with his link to someone else?
Did you ever see a web site granting access to sensitive data without user
authentication?

> we thought of maybe instead of the link we will send small form with
> button
[quoted text clipped - 3 lines]
> right
> now using the form we want. Is this possible ?
No. The user can pick his email in many ways, from different locations or
from a web-based email with no email client in the first place.

> TIA for any direction

Eliyahu Goldin,
Software Developer & Consultant
Microsoft MVP [ASP.NET]
http://msmvps.com/blogs/egoldin
http://usableasp.net

Siva M - 29 May 2007 10:41 GMT
I agree with Alex's solution for the first one. Another option is that you can
encode the user's email and pass it along with the ID in the URL, and before you
save the details on the form, decode the email ID and check if the email goes
with the ID.

For the second issue, I have used the same approach except that instead of
asking for email ID, the secret question the user set up during registration
will be asked and the response will be compared with the one the user
provides when the email link is clicked.

> Hello.
> I'll explain the needs first of all.
[quoted text clipped - 20 lines]
>
> TIA for any direction
