设计新用户确认(通过电子邮件验证)
我正在开发一个 ASP.Net 应用程序,需要验证用户是否合法而不是垃圾邮件。一旦新用户输入他们的名字、姓氏、电子邮件地址,我的应用程序将发送一封电子邮件来验证用户的真实性。该电子邮件将包含一个确认用户帐户的链接。
我正在寻求有关电子邮件链接背后逻辑的帮助。一旦用户点击链接,会发生什么?
我有一个使用验证码的网站,但在阻止垃圾邮件方面运气不佳(我知道你无法阻止 100% 垃圾邮件),类似于 阻止垃圾邮件发送者创建帐户(reCaptcha 不起作用)
I am developing an ASP.Net application that will need to verify that the user is legit and not a spam. Once the new user enters their first name, last name, email address, my application will send an email to verify the user's authenticity. The email would conatin a link that would confirm the users account.
I am looking help on what the logic is behind the email link. Once the user clicks the link, what happens?
I have had a website that has used Captcha, and not had much luck stopping spam (I know you can't stop 100% spam) similar to this Stopping spammers from creating accounts (reCaptcha not doing the trick)
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
正如 Rook 在下面指出的,最简单的方法是使用验证码。
如果您还需要验证电子邮件,请参阅下文。
您可以生成批准 GUID 并将其传递到电子邮件 URL,这会将用户标记为活动。
例如,在users表中添加一个名为ApprovalID的列,并在用户注册时生成一个新的GUID,即
您应该在此阶段将用户标记为非活动状态。
然后在电子邮件正文中传递用户 ID 和 GUID
然后是一个简单的页面 verify.aspx
Code Behind
As Rook has pointed out below, the simplest way is to use Captcha.
If you need to verify the email as well though, see below.
You could generate an approval GUID and pass it to the email URL which would mark the User as Active.
For example, add a column called ApprovalID to the users table and generate a new GUID when the user registers, i.e.
You should mark the user as inactive at this stage.
Then pass the User Id and GUID in the email body
Then a simple page verify.aspx
Code Behind
发送确认链接并不能阻止垃圾邮件。通过电子邮件向某人发送带有 加密随机数 的链接只是确保他们可以收到电子邮件,机器人也可以收到电子邮件。
阻止垃圾邮件的最佳方法是使用 capthca,我建议使用 reCapthca。当用户注册您的服务时,您应该使用验证码提示用户。
Sending a confirmation link doesn't do anything to stop spam. Emailing someone a link with a Cryptographic Nonce just insures that they can receive email, bots can also receive email.
The best way stop spam is by using capthca, and I recocmend using reCapthca. You should prompt the user with a capthca when a user signs up for your service.