ASP.NET Web Pages – Registration Page

[ This is an 8 part tutorial, previous tutorial Setup ]

In the Register.cshtml page add the following:

var UserName = "";
var Forename = "";
var Surname = "";  
var message = "";
if (IsPost)
UserName = Request["UserName"];
var Password = Request["Password"];
var ConfirmPassword = Request["ConfirmPassword"];
Forename = Request["Forename"];
Surname = Request["Surname"];  
Validation.RequireFields("UserName", "Password", "ConfirmPassword", "Forename", "Surname");
Validator.StringLength(16, 6)
Validator.Regex(@"\w+([-+.']\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*", "Please enter a correct email address format")
if (ConfirmPassword != Password)
    Validation.AddFormError("Sorry passwords do not match");

The first three variables outside of the If (IsPost) are global. They will be applied to the HTML value attribute, so if the user makes a mistake while filing in the data we can preserve some of the data but not preserve the passwords. The AntiForgery.Validate() ensures that the data submitted came from the user who submitted it. After that, you request the data from the HTML elements and begin validating the forms. The user name will  be in an email address format. The password must be 6 characters long but no more than 16 characters. Finally we ensure that both passwords match.

if (Validation.IsValid())
    var user = new{Forename = Forename, Surname=Surname};
    var token = WebSecurity.CreateUserAndAccount(UserName, Password, user, true);
    var confirmationMessage = "Thank You for registering, please confirm your account at: " + Request.Url.GetLeftPart(UriPartial.Authority) + "/account/confirmaccount?token=" + HttpUtility.HtmlEncode(token);
    WebMail.Send(to:UserName, subject:"Please confirm account", body:confirmationMessage, isBodyHtml:true);
    message = "Thank You! Your account has been created you must confirm your account please check your email.";
}catch (Exception ex)
    message = ex.Message;

Once the data is valid we begin creating the account in a try catch block. The user variable is an array type; this collects additional information about the user. You first specify the column name in the database and then after the = sign is the HTML element which will collect this data. We have given both the same name to avoid confusion.

Next you have a token variable, which will store the confirmation token. The CreateUserAndAccount method takes 4 arguments:

  • Username
  • Password
  • Additional information (which is the user variable)
  • Add Boolean which specifies if the account will require confirmation

The confirmation message is the message we will send to the user. Here we add a small message and then concatenate a few lines.  The line Request.Url.GetLeftPart(UriPartial.Authority) simply gets the protocol, host and port, and finally we concatenated this: “/account/confirmaccount?token=” + HttpUtility.HtmlEncode(token). So now the URL will look like this in the email message:


The HttpUtility.HtmlEncode converts the token to an HTML encoded string.


For the sake of brevity the HTML will not be explained here.

<form method="post">
<label>UserName (Email)</label>
<input type="text" name="UserName" value="@UserName"/>
<input type="password" name="Password" />
<label>Confirm Password</label>
<input type="password" name="ConfirmPassword" />
<input type="text" name="Forename" value="@Forename"/>
<input type="text" name="Surname" value="@Surname"/>
<input type="submit" value="Register"/>

The AntiForgery.GetHtml() adds a token to the form. You must specify this along with AntiForgery.Validate(), which ensures that the data was submitted by the user.

Now you should register yourself.

[ continue, Account Confirmation Page]