0

My Users table (the one that I created) has the following columns:

UserId,UserName,FirstName,LastName,DOB

After I ran this command 

WebSecurity.InitializeDatabaseConnection("DefaultConnection", "Users", "UserId", "UserName", autoCreateTables: true);

it created the required simple membership tables for me.

How would I go about "UnConfirming" an user or setting the "IsConfirmed" flag to false in the webpages_Membership using the new SimpleMembership API?

(Earlier, before going to simplemembership using the "Membership" class I could update an user using the api call : Membership.UpdateUser( user );)

Vijay V
  • 389
  • 5
  • 11
  • 23

4 Answers4

1

I can't answer your question directly since I couldn't figure out a way to 'unconfirm' an account either. What I ended up doing, however, may help whoever finds this question.

I basically use Roles as a gatekeeper. Whenever I create a new account I add that user to a "User" role:

Roles.AddUserToRole(newUser.Username, "User");

I use the Authorize attribute to restrict access to my controllers (and use [AllowAnonymous] for actions that I want to be public -- like RegisterUser, for example). Then, inside each action I add a method to restrict access to only users that are in the "User" role. 

if (!Roles.IsUserInRole(role))
{
    throw new HttpResponseException(
        new HttpResponseMessage(HttpStatusCode.Unauthorized));
}

NOTE: I'm using Web API, but if you're using MVC you should have a much easier time. Instead of manually checking if a user is in a role in each action you can just use the authorize attribute:

[Authorize(Roles = "User")]

When I want to "UnConfirm" a user I just remove them from the "User" role.

Roles.RemoveUserFromRole(user.Username, "User");

This way if a user comes crawling back I can just reactivate their account by adding them back as a User.

brudert
  • 537
  • 8
  • 21
1

What I ended up doing was updating that table directly via a SQL query. Not sure if thats the recommended way of doing it, but that seemed to work for me. (Thanks for your suggestion too).

Vijay V
  • 389
  • 5
  • 11
  • 23
1

Look at this blog post on adding email confirmation to SimpleMembership registration process, which covers how the confirmation process works. The cliff notes are that when you create a new user you set the flag that you want to use confirmation like this.

string confirmationToken = 
   WebSecurity.CreateUserAndAccount(model.UserName, model.Password, new { Email = model.Email }, true);

When you do this the CreateUserAndAccount method returns a unique token that you can put in an email with a link so the user can confirm that they gave you a valid email address. When they click on the link it passes the token in the URL and the controller action can then confirm the token like this.

[AllowAnonymous]
public ActionResult RegisterConfirmation(string Id)
{
    if (WebSecurity.ConfirmAccount(Id))
    {
        return RedirectToAction("ConfirmationSuccess");
    }
    return RedirectToAction("ConfirmationFailure");
}

The ConfirmAccount method checks if there is an uncomfirmed token that matches in the database and if there is it sets the isConfirmed flag to true. The user will not be able to logon until this is set to true.

Kevin Junghans
  • 17,475
  • 4
  • 45
  • 62
-1

set requireConfirmationToken to be true: (The 4th value shown below)

WebSecurity.CreateUserAndAccount(viewModel.UserName, viewModel.Password, null, true);

Source http://www.w3schools.com/aspnet/met_websecurity_createuserandaccount.asp

David C
  • 2,766
  • 6
  • 29
  • 44
  • First, [W3schools should rarely be used for reference material](http://www.w3fools.com/), but more imporantly, this does not answer the question `How would I go about "UnConfirming" an user or setting the "IsConfirmed" flag to false` – Erik Philips Aug 03 '13 at 22:21