My boss gave me a list of 8K users in CSV format and is asking me to create accounts for them. The list has users with Gmail, Hotmail, and organization email addresses.
I am using MVC 5 and ASP.NET Identity 2.
As I am reading the CSV file, I am creating the user and generating a token for them as below:

    var userManager = new ApplicationUserManager(new UserStore<ApplicationUser>(_db));
    var dataProtectionProvider = new DpapiDataProtectionProvider("Sample");
    userManager.UserTokenProvider = new DataProtectorTokenProvider<ApplicationUser>(dataProtectionProvider.Create("ASP.NET Identity"));
    string code = userManager.GenerateEmailConfirmationToken(appUser.Id);
    var callbackUrl = "http://localhost:2595/Account/Verify?t=" + appUser.Id + "&c=" + HttpUtility.UrlEncode(code);
    SendMail(callbackUrl, appUser.Email);

Once I create a callback URL, I send an email to the user. When the user clicks on the link I sent, the user goes to a password registration page, creates a password and then logs in with the password he/she created.
Does this approach have any security flaws?
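
The receiving end of the link described above, as an added example that is not part of the original post: a Verify action that checks the token with ASP.NET Identity 2 before it sets the password. `VerifyViewModel`, the `VerifyFailed` view, `ApplicationDbContext` (from the MVC 5 template) and the 3-day lifespan are assumptions.

```csharp
using System;
using System.ComponentModel.DataAnnotations;
using System.Threading.Tasks;
using System.Web.Mvc;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.EntityFramework;
using Microsoft.AspNet.Identity.Owin;
using Microsoft.Owin.Security.DataProtection;

// Hypothetical form model: T and C mirror the ?t= and &c= query parameters.
public class VerifyViewModel
{
    [Required] public string T { get; set; }
    [Required] public string C { get; set; }
    [Required, DataType(DataType.Password)] public string Password { get; set; }
}

public class AccountController : Controller
{
    private readonly ApplicationDbContext _db = new ApplicationDbContext(); // template type, assumed

    private ApplicationUserManager CreateUserManager()
    {
        var manager = new ApplicationUserManager(new UserStore<ApplicationUser>(_db));
        // Same application name and purpose as the code that issued the token;
        // a different pair cannot unprotect it.
        var provider = new DpapiDataProtectionProvider("Sample");
        manager.UserTokenProvider =
            new DataProtectorTokenProvider<ApplicationUser>(provider.Create("ASP.NET Identity"))
            { TokenLifespan = TimeSpan.FromDays(3) }; // assumed validity window
        return manager;
    }

    [HttpPost, ValidateAntiForgeryToken]
    public async Task<ActionResult> Verify(VerifyViewModel model)
    {
        if (!ModelState.IsValid) return View(model);
        var manager = CreateUserManager();
        var user = await manager.FindByIdAsync(model.T);
        // Unknown account, or a password is already set: the link has been used.
        if (user == null || await manager.HasPasswordAsync(user.Id))
            return View("VerifyFailed");
        // Checks that the token was issued for this user and has not expired.
        var confirmed = await manager.ConfirmEmailAsync(user.Id, model.C);
        if (!confirmed.Succeeded) return View("VerifyFailed");
        var added = await manager.AddPasswordAsync(user.Id, model.Password);
        if (!added.Succeeded) { ModelState.AddModelError("", string.Join(" ", added.Errors)); return View(model); }
        return RedirectToAction("Login");
    }
}
```

The token lifespan is enforced when the token is validated, so it has to be set on the manager that handles the link, not only on the one that generated it.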