I am creating a simple register form and I wanted to know if anyone could give me a list of some best practices. I understand it may differ between registration forms, but maybe some guidelines or things to watch out for like vulnerabilities. My data access layer will be using Entity FrameWork and linq in order to handle the queries.
Practices that I would think make sense:
- Validate the form when the model is bound to the business object (what's the best way to accomplish this?)
- Server-side validation AND client side validation
- Checking for SQL injection? (Any best practices on this?)
- Use dependency injection for my account manager object
My registration fields are going to be the following:
- First Name
- Last Name
- Email (must be an email that HAS to be an email from a select few sites i.e. @gmail.com, @yahoo.com, @live.com)
- School
- Password
- Status (static drop down of 3 or so options)
I would also really like email activation as well where the user would have to go to his or her email in order to make their account active.
System.ComponentModel.DataAnnotations namespace for validating your view models.
form submissions
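As an added illustration of that suggestion (this is example code, not part of the answer above), here is a DataAnnotations-validated view model for the fields listed in the question, with a custom attribute for the "only these e-mail providers" rule and a controller action that refuses the post when server-side validation fails. The class names, the 12-character minimum password length and the three `Status` values are assumptions; the allowed domains are the ones the question names. The domain check compares the full host exactly rather than with `EndsWith`/`Contains`, so an address at `gmail.com.example` is rejected.

```csharp
using System;
using System.ComponentModel.DataAnnotations;
using System.Linq;
using System.Net.Mail;
using System.Web.Mvc;

// Hypothetical view model for the registration form described in the question.
public class RegisterViewModel
{
    [Required, StringLength(50)]
    public string FirstName { get; set; }

    [Required, StringLength(50)]
    public string LastName { get; set; }

    // EmailAddress checks the general shape; AllowedEmailDomain (below) restricts the host.
    [Required, EmailAddress, StringLength(254)]
    [AllowedEmailDomain("gmail.com", "yahoo.com", "live.com")]
    public string Email { get; set; }

    [Required, StringLength(100)]
    public string School { get; set; }

    [Required, DataType(DataType.Password), StringLength(128, MinimumLength = 12)]
    public string Password { get; set; }

    // The "static drop down of 3 or so options" (values assumed here): validate server-side
    // against the same list; never trust that the browser only posted one of the offered values.
    [Required, RegularExpression("^(Student|Teacher|Alumni)$")]
    public string Status { get; set; }
}

// Custom attribute: accepts only an exact, case-insensitive match on the host part.
public sealed class AllowedEmailDomainAttribute : ValidationAttribute
{
    private readonly string[] _domains;

    public AllowedEmailDomainAttribute(params string[] domains)
    {
        _domains = domains;
        ErrorMessage = "Email must be from one of: " + string.Join(", ", domains);
    }

    public override bool IsValid(object value)
    {
        var email = value as string;
        if (string.IsNullOrWhiteSpace(email)) return true; // [Required] reports empty values

        string host;
        try { host = new MailAddress(email).Host; }
        catch (FormatException) { return false; }

        // Exact comparison: "gmail.com.example" or "notgmail.com" must not pass,
        // which is why EndsWith/Contains are deliberately avoided.
        return _domains.Any(d => string.Equals(d, host, StringComparison.OrdinalIgnoreCase));
    }
}

public class AccountController : Controller
{
    [HttpPost, ValidateAntiForgeryToken]
    public ActionResult Register(RegisterViewModel model)
    {
        // Model binding has already run the DataAnnotations; ModelState is the server-side
        // verdict regardless of whether client-side validation ran or was bypassed.
        if (!ModelState.IsValid)
            return View(model);

        // ... map to the business object, create the account, send the activation mail ...
        return RedirectToAction("CheckYourEmail");
    }
}
```

Client-side validation (jQuery unobtrusive validation reads the same attributes) is a convenience for the user; the `ModelState.IsValid` check is the one that protects the application. Note that the custom attribute runs on the server only unless you also write a client-side adapter for it.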
For the email part:
In the past, I’ve created a database table that maps emails to random generated strings. When you send the complete registration email, provide a link that uses that random string or guid or whatever:
mydomain/completeregistration/7593098573903 whatever. Now, once the client follows that link and you handle that request, mark their registration as complete in the database. (This should also have the effect of preventing subsequent requests to that URL.)
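An added example (not the answerer's code) of the table-plus-link scheme described above, using Entity Framework as the question's data layer. The `Account` entity, `RegistrationContext` and the 24-hour expiry are assumptions. Two details go beyond the answer: the token is generated from a cryptographic random source rather than a short number, so it cannot be guessed or enumerated, and only a SHA-256 hash of it is stored, so a copy of the table cannot be used to activate accounts. Completing the request clears the hash, which is what makes the URL single-use.

```csharp
using System;
using System.Data.Entity;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// Hypothetical EF entity: the table maps an account to the HASH of its activation token.
public class Account
{
    public int Id { get; set; }
    public string Email { get; set; }
    public bool IsActive { get; set; }
    public string ActivationTokenHash { get; set; }   // null once activation has been consumed
    public DateTime? ActivationExpiresUtc { get; set; }
}

public class RegistrationContext : DbContext
{
    public DbSet<Account> Accounts { get; set; }
}

public static class Activation
{
    private const int TokenBytes = 32; // 256 bits of randomness

    // Returns the raw token to put in the e-mailed link, e.g.
    // https://mydomain/completeregistration/<token>. The database only ever sees its hash.
    public static string Issue(RegistrationContext db, Account account)
    {
        var bytes = new byte[TokenBytes];
        using (var rng = RandomNumberGenerator.Create())
            rng.GetBytes(bytes);

        string token = ToUrlSafeBase64(bytes);
        account.ActivationTokenHash = Hash(token);
        account.ActivationExpiresUtc = DateTime.UtcNow.AddHours(24); // assumed lifetime
        account.IsActive = false;
        db.SaveChanges();
        return token;
    }

    // Handler for the link: looked up by hash, rejected when expired, and single-use.
    public static bool Complete(RegistrationContext db, string token)
    {
        if (string.IsNullOrEmpty(token)) return false;
        string hash = Hash(token);

        // LINQ-to-Entities sends 'hash' as a SQL parameter, so the user-supplied token
        // never becomes part of the SQL text.
        var account = db.Accounts.SingleOrDefault(a => a.ActivationTokenHash == hash);
        if (account == null) return false;                              // unknown or already used
        if (account.ActivationExpiresUtc < DateTime.UtcNow) return false; // expired

        account.IsActive = true;
        account.ActivationTokenHash = null;   // consuming the token makes the URL dead
        account.ActivationExpiresUtc = null;
        db.SaveChanges();
        return true;
    }

    private static string Hash(string token)
    {
        using (var sha = SHA256.Create())
            return Convert.ToBase64String(sha.ComputeHash(Encoding.UTF8.GetBytes(token)));
    }

    private static string ToUrlSafeBase64(byte[] bytes) =>
        Convert.ToBase64String(bytes).TrimEnd('=').Replace('+', '-').Replace('/', '_');
}
```

Whether `Complete` returns true or false, respond with the same generic page; an expired or unknown token should not reveal whether the address is registered. If a user asks for a new activation mail, call `Issue` again, which overwrites the previous hash and invalidates the older link.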