i am working on the user registrations.I used the basic registration used in the project by default.The problem is that user after registration can access the protected parts of the site. Is it something like build in function for approval of the new registered users?
I find this article : https://web.archive.org/web/20211020153319/https://www.4guysfromrolla.com/articles/062508-1.aspx
“The good news is that configuring the CreateUserWizard control so that new accounts are inactive is a cinch – simply set the control’s DisableCreatedUser property to True”
[As i think, the registered user will be unapproved, until admin approve it in Web Site Administration Tool, correct?]
But i can’t find the DisableCreatedUser attribute.
I suggest you to use
[Authorize(Roles="Role1,Role2")]http://msdn.microsoft.com/en-us/library/system.web.mvc.authorizeattribute.aspx to restrict users with specific roles to some actions or a controller. Personally i don’t use strings but an Enum passed to Roles=”” and you can do it making your own MyAuthorizeAttribute deriving fromAuthorizeAttributeTo approve the user activate him somehow, send him an activation email, approve him manually setting the IsActive in database to true or something. Also don’t use default Membership database, make your own and derive your membership and role classes from MembershipProvider http://msdn.microsoft.com/en-us/library/system.web.security.membershipprovider.aspx and RoleProvider http://msdn.microsoft.com/en-us/library/system.web.security.roleprovider.aspx .