I'm using forms authentication for an app that allows users to register but not be active. We will send out an activation code via snail mail (long story) and the user can return with that info and activate their account.

I want to create a page where the user can come back and enter their username, password and generated key to activate the account. The key I have stored in another table and I plan to generate it. I'm having trouble verifying the username and password with an inactive account. I've tried Membership.ValidateUser(username,password) and it fails but if I activate the account, it works.

Ideas on how to check this?

+2  A: 

Activate the account first.

If you are sending them the activation code in an email, have an anonymous access page which receives the activation code from the email (perhaps via querystring), activates the account, and redirects them to a login page with forms authentication activated (assuming the username and password are already created).

If the access code is invalid and fails, you can optionally deactivate the account.

Chris Ballance
+1  A: 

I would not set IsActive = false. That is for disabling an account, preventing any type of login. Instead, I do not see a problem leaving them with the ability to log in. I would use a Membership Role to specify when a user is verified. I.e. "Verified".

If they have not activated their account and attempt to log in, you simply check to see if they have the Verified role. If not, redirect them to a page of "Your account is not yet activated. Please wait for snail mail". Or a "Please enter your verification code below." message.

When they do finally enter the proper verification code from snail mail, you simply add them to the Verified role.

This gives you the control of allowing them to log in and "check" the status of their account. And it resolves your IsActive issue.

eduncan911
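
The role-based approach from the answer above, as an added example that is not code from the original posts: the account stays enabled so `Membership.ValidateUser` succeeds, and a "Verified" role gates access until the mailed code is confirmed. `lookupStoredCode` is a hypothetical callback standing in for the asker's separate key table, and the class and method names are assumptions.

```csharp
using System;
using System.Web.Security;

// Added example, not code from the original answers.
public static class AccountActivation
{
    private const string VerifiedRole = "Verified"; // role name taken from the answer

    // True only when the credentials are valid AND the user has been verified.
    public static bool CanSignIn(string username, string password)
    {
        return Membership.ValidateUser(username, password)
            && Roles.IsUserInRole(username, VerifiedRole);
    }

    // lookupStoredCode is a hypothetical callback that reads the mailed code
    // for a user from the separate table the question mentions (null if none).
    public static bool TryActivate(string username, string password,
        string suppliedCode, Func<string, string> lookupStoredCode)
    {
        // Check the password first so the code cannot be guessed anonymously.
        if (!Membership.ValidateUser(username, password))
            return false;

        string expected = lookupStoredCode(username);
        if (expected == null || suppliedCode == null
            || !FixedTimeEquals(expected, suppliedCode.Trim()))
            return false; // caller shows one generic failure message

        if (!Roles.RoleExists(VerifiedRole))
            Roles.CreateRole(VerifiedRole);
        if (!Roles.IsUserInRole(username, VerifiedRole))
            Roles.AddUserToRole(username, VerifiedRole); // throws if already a member
        return true;
    }

    // Compares without an early exit so timing does not reveal matching prefixes.
    private static bool FixedTimeEquals(string a, string b)
    {
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++)
            diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

Failed code attempts are not counted by the membership provider's password lockout, so the activation page needs its own attempt limit per account.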