
I need to send the user a URL with a token so that the user can click on that link and view my page without logging in to the system. This user has been created in my system, but has not set a password. I want this user not to see the other pages, but only the page that I allow. Please help me to come up with a solution in this regard.

Thanks all.

Dipak Delvadiya
Tran Audi

1 Answer


Create one table in your database like below:

[image: table definition]

Insert an entry in this table when you send the link to a particular user. As an example, here I inserted two entries, for UserId 10 and 12:

[image: the two inserted rows]

Make one procedure or function to validate the token against the request.

CREATE PROCEDURE sp_ValidateUserIdAndTokenId
    @UserId INT,
    @TokenId varchar(50)
AS
BEGIN
    -- SET NOCOUNT ON added to prevent extra result sets from
    -- interfering with SELECT statements.
    SET NOCOUNT ON;

    IF ISNULL(@UserId,0) <> 0 AND ISNULL(@TokenId,'') <> ''
    BEGIN

        IF EXISTS(SELECT 1 FROM UserToken WHERE UserID = @UserId AND TokenID = @TokenId)
        BEGIN

            Declare @TokenInsertedDateTime AS DateTime
            Declare @IsTokenExpired AS Bit

            SET @TokenInsertedDateTime = (SELECT TokenInserted FROM UserToken WHERE UserID = @UserId AND TokenID = @TokenId)
            -- Calculate the token's age in minutes; it expires after one day, i.e. 1440 minutes.
            -- Returns 1 when the token is older than that, otherwise 0.
            SET @IsTokenExpired = (SELECT CASE WHEN DATEDIFF(MINUTE, @TokenInsertedDateTime, GETDATE()) > 1440 THEN 1 ELSE 0 END)

            SELECT @IsTokenExpired


        END
    END
END

Now, when a request comes in to the controller's action, you have to make a call to the database to identify the token and user in the newly created table and determine whether the request is valid or not (you can also calculate the interval of time for a particular token).

[HttpGet]
[AllowAnonymous]
public ActionResult Add(int userId, string tokenId)
{
   // Determine the request with tokenId and validate your tokenId
   // make the database call of created procedure or function and validate your userid and token here.
   return View();
}
Dipak Delvadiya
  • But if you do, you will see my page. I want to generate a url with a token so only the person who received the url can view the page. And I want the token to expire for some time. – Tran Audi May 22 '17 at 06:41
  • You can add token_Id as a parameter in the action and identify the token_Id with some custom logic (validate with the database or anything like that), so based on this logic you can determine whether the requested URL should go ahead or not. – Dipak Delvadiya May 22 '17 at 06:53
  • I understand you, that's exactly what I need. But I do not know how to generate the token and validate it. I have a user that has been saved in the system, this user has email and username (no password). I need to email this user, which contains a url-token to allow them to access a certain page in my system through that token. The token will expire at certain intervals. Please help me, since I am new to this technology. – Tran Audi May 22 '17 at 07:39
  • Did you save the generated token in the database with some relationship? – Dipak Delvadiya May 22 '17 at 08:08
  • I do not mean it. I want to generate token from email or userid, then send url + token to user. When they click on the url-token to get to my page, I will check the token to see if the token is valid, if valid will show my page. In short, I want to know how to generate from email or userid, and how to test the token when the user clicks on the url-token. – Tran Audi May 22 '17 at 08:15
  • Do you have a valid UserId in your database? If yes, then I will post the answer to your question. – Dipak Delvadiya May 22 '17 at 08:31
  • Yes. I have userId in my database. – Tran Audi May 22 '17 at 08:33
  • Tran, I think now you get the idea (after I edited my answer). – Dipak Delvadiya May 22 '17 at 10:51
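
The token generation and check asked about in the comments, as an added example that is not part of the original answer or comments: the token is random rather than derived from the e-mail or user id, only its SHA-256 hash is stored, and the check enforces the one-day lifetime. It assumes .NET Core 2.1 or later (for `CryptographicOperations.FixedTimeEquals`); the `LinkTokens` class, its in-memory `Store` standing in for the `UserToken` table, and the `example.test` URL are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

public static class LinkTokens
{
    // One day, the same lifetime the stored procedure uses (1440 minutes).
    static readonly TimeSpan Lifetime = TimeSpan.FromMinutes(1440);

    // Hypothetical stand-in for the UserToken table: UserID -> (hash of TokenID, TokenInserted).
    // Only the hash is kept, so a leaked table does not yield usable links.
    static readonly Dictionary<int, (byte[] Hash, DateTime IssuedUtc)> Store =
        new Dictionary<int, (byte[] Hash, DateTime IssuedUtc)>();

    public static string Issue(int userId, DateTime nowUtc)
    {
        byte[] raw = new byte[32];                        // 256 bits from the OS CSPRNG
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(raw);
        // URL-safe Base64 so the token can sit in a query string unescaped.
        string token = Convert.ToBase64String(raw).TrimEnd('=').Replace('+', '-').Replace('/', '_');
        Store[userId] = (Hash(token), nowUtc);            // a new link replaces the old one
        return token;
    }

    public static bool Validate(int userId, string tokenId, DateTime nowUtc)
    {
        if (string.IsNullOrEmpty(tokenId) || !Store.TryGetValue(userId, out var row)) return false;
        // Constant-time comparison of the hashes, then the expiry check.
        bool match = CryptographicOperations.FixedTimeEquals(Hash(tokenId), row.Hash);
        bool fresh = nowUtc - row.IssuedUtc <= Lifetime;
        return match && fresh;
    }

    static byte[] Hash(string token)
    {
        using (var sha = SHA256.Create()) return sha.ComputeHash(Encoding.UTF8.GetBytes(token));
    }

    public static void Main()
    {
        var issued = new DateTime(2017, 5, 22, 7, 0, 0, DateTimeKind.Utc); // constructed sample time
        string token = Issue(10, issued);
        Console.WriteLine("https://example.test/YourController/Add?userId=10&tokenId=" + token);
        Console.WriteLine(Validate(10, token, issued.AddHours(1)));        // right user, within a day
        Console.WriteLine(Validate(10, token + "x", issued.AddHours(1)));  // altered token
        Console.WriteLine(Validate(12, token, issued.AddHours(1)));        // token sent to another user
        Console.WriteLine(Validate(10, token, issued.AddMinutes(1441)));   // past the one-day lifetime
    }
}
```

In the `Add` action above, a `false` result from `Validate` would return an error result instead of `View()`.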