This question has probably been asked before, but it seems like I can't phrase my search correctly enough to find the answer.
Normally when you sign up to get access to a forum on the internet, an authorisation email is sent to you and you can click a link which leads you to a page which performs the authorisation.
What I want is to send a mail to an already created user (not logged in though), and let them accept a proposal by clicking on a link in the mail. The link of course points to a page which performs the database operations and shows some kind of result.
Which techniques and/or route should I take to implement this? And since this is security related, what should I watch out for?
Kind regards, Casper
When you send the email, generate a big random string and store it in a table with their user ID and some indication of what the link is going to do.
Then send them the email with a link to DoSomething.aspx?id=long_string_here.
Write DoSomething.aspx so that it looks up the long string and presents the user with a confirmation of what they will do and a button to do it. No logging in required. You could even leave the user logged in, if you want.
After the action is complete, or every X days, delete the string from the table.
Concerns:
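The token flow from the answer above, as an added C# example that is not part of the original answer: issue a random string when the mail is sent, look it up for the confirmation page, and consume it when the button is pressed. `ActionLinkStore`, `Row` and the method names are hypothetical, the in-memory dictionary stands in for the database table, and storing only a hash of the string is an assumption that goes beyond what the answer describes.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;
// Hypothetical helper; the dictionary stands in for the database table.
public sealed class ActionLinkStore
{
    private sealed class Row { public int UserId; public string Action; public DateTime ExpiresUtc; }
    private readonly Dictionary<string, Row> _table = new Dictionary<string, Row>();

    // Called when sending the mail; the return value goes into ?id=...
    public string Issue(int userId, string action, TimeSpan lifetime)
    {
        var bytes = new byte[32]; // 256 bits from the OS CSPRNG, never System.Random
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);
        string token = Convert.ToBase64String(bytes).TrimEnd('=').Replace('+', '-').Replace('/', '_');
        var row = new Row { UserId = userId, Action = action, ExpiresUtc = DateTime.UtcNow + lifetime };
        lock (_table) _table[Key(token)] = row;
        return token;
    }

    // GET: what will this link do? Shown on the confirmation page; changes nothing.
    public bool TryPeek(string token, out int userId, out string action) => TryFind(token, false, out userId, out action);

    // POST from the confirm button: succeeds once, then the row is gone.
    public bool TryRedeem(string token, out int userId, out string action) => TryFind(token, true, out userId, out action);

    private bool TryFind(string token, bool consume, out int userId, out string action)
    {
        userId = 0; action = null;
        if (string.IsNullOrEmpty(token)) return false;
        string key = Key(token);
        lock (_table)
        {
            Row row;
            if (!_table.TryGetValue(key, out row)) return false;
            bool expired = row.ExpiresUtc <= DateTime.UtcNow;
            if (expired || consume) _table.Remove(key); // single use; expired rows are purged on sight
            if (expired) return false;
            userId = row.UserId; action = row.Action;
            return true;
        }
    }
    // Assumption beyond the answer: store only SHA-256(token), so a leaked table holds no usable links.
    private static string Key(string token)
    {
        using (var sha = SHA256.Create())
            return Convert.ToBase64String(sha.ComputeHash(Encoding.UTF8.GetBytes(token)));
    }
}
```

Calling `TryPeek` from the page load and `TryRedeem` only from the button's postback keeps the GET request free of side effects, so mail scanners and link prefetchers that open the URL cannot trigger the action.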