i have web site with ASP membership default provider. i want to activte new users by email with link to "activate" page. in email html i added link to "activate" page with query string of user id in order to active it. is it safe to do it? it seams sensitive data but i can find any alternatives.code for "activate" page:
protected void Page_Load(object sender, EventArgs e)
{
//request for signed user UserId
Guid newUserId = new Guid(Request.QueryString["UserId"]);
//get signed user
MembershipUser newUser = Membership.GetUser(newUserId);
//activate signed user
newUser.IsApproved = true;
Membership.UpdateUser(newUser);
}
i have the folowing code in activation page after the user activate the account with email link. i am getting "object reference not set to an instance of an object" error for the line " newUser.IsApproved = true;". i check userId string and it gets the user Id string and the string is not empty.why do i get this error?
//request for signed user UserId
Guid activationCode = new Guid(Request.QueryString["ActivationCode"]);
string userId = "";
string ConnectionString = ConfigurationManager.AppSettings["myConnectionString"];
try
{
using (SqlConnection sqlConnection = new SqlConnection(ConnectionString))
{
SqlCommand sqlCommand = new SqlCommand("SELECT user_id FROM ActivationCode WHERE activation_code LIKE '%" + activationCode + "%'", sqlConnection);
sqlConnection.Open();
SqlDataReader userIdRdr;
userIdRdr = sqlCommand.ExecuteReader();
while (userIdRdr.Read())
{
userId = userIdRdr["user_id"].ToString();
}
sqlConnection.Close();
MembershipUser newUser = Membership.GetUser(userId);
//activate signed user
newUser.IsApproved = true;
Membership.UpdateUser(newUser);
}
}
Try this
------------Stored Procedure-------
Hope this will help you.