By default, Membership API uses a separate username field to login users. I would like to use the email address for users to login. Is this a good idea?
How would I modify the Login, Register a user, Forgot password control to support this?
+2
A:
It's certainly possible to do this. One way is to alter the CreateUserWizard template and remove the default Email textbox and set EmailRequired to false. Then, change the username label to E-mail. If you use the CreateUserWizard control, then you must keep the textbox ID as UserName otherwise an error will be thrown. You can then access the 'username' the same way as usual as the user's email address will be stored in the username column.
If you want, you could also have the email column filled with the username by handling the CreatedUser event. For example, you could do something like this:
MembershipUser currentUser = Membership.GetUser();
currentUser.Email = currentUser.UserName;
currentUser.Update();
This way, the email column is also filled for when you want to use Membership methods. The main downside is that the Membership API doesn't let you change the username. Therefore, if the user changes their email address, their username will remain as the old email address. In order to fix this, you'll have to skip the Membership API and go straight to the SQL code. You can find out how to do that here
keyboardP
2010-03-22 02:58:49
A:
I like using my email address for login name. It generally works very well because I don't have to remember a login for a particular site, and no one else should be using my email address.
But... In addition to Tenaciouslmpy's answer, the other down side is that you then have to be careful about exposing these "usernames". What you'll end up doing is creating some field called "Display Name". Which is totally fine, but just be aware that it's not going to save you any work in the long run to do this.
Bryan
2010-03-22 05:11:24
By exposing these usernames - do you mean displaying the email address on a webpage - and this should be avoided for security reasons?
DotnetDude
2010-03-22 16:17:10
Yes and yes. No one wants their email address exposed in a way that would allow spammers to harvest it.
Bryan
2010-03-22 18:40:32
Good point on the keeping the usernames 'secret' etc, but I am also looking at doing this for some of my site because most of my admin time has been helping people remember their usernames again, using email address will lighten that load considerably!!
Paul Kohler
2010-03-22 21:08:08
@Paul - By default, the Membership API does not require a "confirmation of registration". I plan to implement this by sending an email to the user to click on a confirmation link before activating the account. What has your experience been in the amount of time an admin spends in providing tech support for users with this additional step of having users confirm their account.
DotnetDude
2010-03-23 13:57:23
That's what I had mainly to keep an eye on who was joining, it keeps out the spammers! I found the authorization email good but before I had an iphone there were occasions where I did not get to it on the day. Just depends on your sites requirements etc. If I did it again I would provide all the info I want in the email with a yes and a no link to do it straight off. That said - if you are expecting hundreds a day you could get a bit busy!! ;-)
Paul Kohler
2010-03-23 21:11:43
It appears that you manually authorized users. I am trying to set it up to auto authorize on a click of a link that's sent to the user's email. Our's is a public website and every step that hinders users in registering should be avoided. Having said that, sometimes these are too important to ignore.
DotnetDude
2010-03-24 16:11:09
@DotNetDude - You need to weigh the different options of what your site is aiming to do. If you want to reduce spam-bot registrations, then you could use a CAPTCHA. However, this still means users may create multiple accounts. To prevent this, you could monitor IP addresses (although this has its disadvantages). You could do what you suggest email a confirmation link is clicked. Another method could be to allow access to certain features, but only unlock everything once the confirmation link is clicked. All the options will have advantages and disadvantages.
keyboardP
2010-03-24 17:56:38