Creating moderated user accounts using CreateUserWizard and ASP.NET 2.0 default providers

Written on December 19, 2005

Actually I'm developing an online shop where one of the software requirements is, that users can register themself - but their accounts will be disabled until they're proofed by an Admin.

Since ASP.NET 2.0 Membership default providers don't provide a simple method for disabling an user's account, I solved it this way (without implementing my own Membership Provider):

1. Setup ASP.NET 2.0 Membership Database (or enhance existing database with Membership features):

Run:aspnet_regsql.exe -E -S localhost -A mrp -d MyExistingDB

which add's membership, role and profile tables, views and stored procedures to your database.

2. Add SqlMembershipProvider and SqlProfileProvider declaration to your web.config:







As you can see, I've added a Profile property called "Enabeld" type of "bool" which holds the information whether the user is enabled or disabled.

The next step leads to the register.aspx, which contains a CreateUserWizard control which has been modified optically (that doesn't matter at all):

The required changes made to the CreateUserWizard are:

Changing the LoginCreatedUser property to false and...

Adding the following code to the CreatedUser-Event of your CreateUserWizard:

ProfileCommon prof = Profile.GetProfile(MyCreateUserWizard.UserName);
prof.Enabled = false;
prof.Save();

The last step is to add a Login Control to your login.aspx:

and adding the following code to the LoggedIn-Event of your Login control:

ProfileCommon pc = Profile.GetProfile(MyLoginControl.UserName);
if (!pc.Enabled) {
FormsAuthentication.SignOut();
Response.Redirect("AccountDisabled.aspx");
}