6

Have been searching for quite some time but haven't found any source of how to set up an Account/Email confirmation in SMTP form, instead of any other mode like using SendGrid/MailKit, for an ASP Core 2.1 project using Razor Class Library.

Any suggestion in this regard? How to use IdentityUser in this regard? Is it necessary to scaffold the Identity first? Please see if any of you experts can help in this regard.

marcusturewicz
  • 2,394
  • 2
  • 23
  • 38
Faraz Ahmed Qureshi
  • 88
  • 1
  • 1
  • 11
  • Have you seen [Require email confirmation](https://learn.microsoft.com/en-us/aspnet/core/security/authentication/accconfirm#require-email-confirmation)? – Mark G Jun 28 '18 at 22:36

3 Answers3

13

Using SendGrid and other services is recommended in production since these services are setup to scale properly and can handle sending millions of emails at a time.

However, I do appreciate that it can be nice to setup an SMTP email when running your app in dev.

So, for the most part you can follow the docs on setting up email confirmation. What you need to change is the EmailSender implementation to use your SMTP server.

using System.Net;
using System.Net.Mail;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Identity.UI.Services;

namespace YourApp
{
    public class DevEmailSender : IEmailSender
    {
        public Task SendEmailAsync(string email, string subject, string htmlMessage)
        {
            var client = new SmtpClient("yoursmtpserver") {
                UseDefaultCredentials = false,
                Credentials = new NetworkCredential("yourusername", "yourpassword")
            };
            var mailMessage = new MailMessage {
                From = new MailAddress("account-security-noreply@yourdomain.com")
            };
            mailMessage.To.Add(email);
            mailMessage.Subject = subject;
            mailMessage.Body = htmlMessage;
            return client.SendMailAsync(mailMessage);
        }
    }
}

Then you just need to configure this as a services in ConfigureServices in Startup.cs:

services.AddTransient<IEmailSender, DevEmailSender>();

Setting up an SMTP server is out of scope here, but if you have gmail for instance, you can follow this blog post on how to do so. Again, bear in mind that this is not a production strategy and actually opens your gmail account up to security vulnerabilities, which google will highlight to you when you set it up. However, if you use a throw away account, this can be a quick and dirty solution to getting email confirmation going with ASP.NET Core Identity.

marcusturewicz
  • 2,394
  • 2
  • 23
  • 38
  • Thanks a lot Tura! – Faraz Ahmed Qureshi Jun 29 '18 at 04:33
  • I sure do appreciate the valuable piece of code. However, I have already checked out the said doc of Microsoft but found the same to be referring to 2.0 instead of 2.1. In such a case I don't find class like ApplicationUser anymore while even having Individual Authentication applied in a new project. Is it necessary to have such a class of IdentityUser be setup manually so as to use services.AddIdentity? Thanks again! :-) – Faraz Ahmed Qureshi Jun 29 '18 at 04:41
  • In 2.1, identity is handled in a library by Microsoft so you don't need to add it separately yourself, unless you would like to change the functionality/look of the identity pages. This answer https://stackoverflow.com/a/50676995/6939988 explains further. – marcusturewicz Jun 29 '18 at 05:21
  • No doubt Identity can be scaffolded, but that too doesn't setup an ApplicationUser class? – Faraz Ahmed Qureshi Jun 29 '18 at 05:50
  • If I am not wrong I guess I will have to refer to IdentityUser instead of ApplicationUser as still being referred to in the Microsoft's Doc on Email Confirmation and Password Recovery? Any suggestions in regard of necessary changes to be made? With the HTTPS also setup by default I think I don't even need to setup the same manually, as recommended in the said doc. Sure do appreciate your praiseworthy feedback. – Faraz Ahmed Qureshi Jun 29 '18 at 06:01
  • I believe ApplicationUser was just extending IdentityUser anyway so just having IdentityUser should be fine. HTTPS is on by default now nothing needed to configure there. – marcusturewicz Jun 29 '18 at 06:11
3

When using the sample code above by @marcusturewicz with gmail SMTP, add the port number (587) and also set EnableSsl to ture, as shown below.

 var client = new SmtpClient("smtp.gmail.com",587)
        {
            UseDefaultCredentials = false,
            EnableSsl=true,
            Credentials = new NetworkCredential(userName, password)
        };
yibe
  • 338
  • 3
  • 7
0

There is a simple development smtp server which can be used for dev purposes of sending emails it's called fakeSMTP

ebsk
  • 85
  • 2
  • 8