[BBLISA] best practices for web-driven user account registration process
Michael R. Phelan
mphelan at cs.umb.edu
Fri Oct 28 08:17:41 EDT 2005
Hi,
I'm currently re-evaluating a communities registration application. The
whole application consists of Microsoft products, including ASP.NET
and Active Directory. The product architecture is not going to change.
The first step in the process of community creation is user account
registration.
What are the best practices for user account registration? At present,
users fill out an ASP.NET (HTML) form. The data in the form is placed
in Active Directory, with an additional account status field
that is set to "Unverified." The unverified user's e-mail address is used
as the destination address for an auto-generated note that contains
a secure link to an ASP.NET (HTML) form. The second HTML form basically
verifies that the user at that e-mail address wants that account created.
If the user submits the second HTML form, the account status field is changed
from "Unverified" to "Active." The user is then able to log in
to the communities registration application.
One of the problems with this design is that unverified Active Directory
users get left in the Active Directory domain. This is a result of
people registering, but never verifying, their account. These need to be
cleaned out periodically. We've discussed keeping the unverified accounts
in a secondary data storage area, such as a relational database. This
would allow us to no longer keep unverified account information in
Active Directory. We're just concerned about having a second data storage
area for users. We're concerned that we would just have to clean up the
secondary data storage area instead of, or in addition to, the Active
Directory domain.
There are other issues that we're working to resolve, but this one is so
generic that I thought there must be a "best practice" for the design. I
don't think that this is a Microsoft-specific question. You could
substitute JSP, PHP, cgi-bin, or HTML for the web front-end and Oracle,
LDAP, MySQL, Ingres or a flat file for the data storage area. I am just
looking for general patterns for solving the problem.
thanks!
Mike
Michael Phelan
University of Massachusetts at Boston
mphelan at cs.umb.edu
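
Added example, not part of the original message and not the poster's application: a sketch of the secondary-store variant the message describes, where unverified registrations live outside the directory, the e-mailed link carries a single-use random token, and a periodic purge removes stale rows. The table layout, the 48-hour window, and the `create_account` callback (standing in for the Active Directory write) are assumptions.

```python
import hashlib
import secrets
import sqlite3
import time

TTL_SECONDS = 48 * 3600  # assumed verification window; the message does not give one

def open_store(path=":memory:"):
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS pending ("
               "token_hash TEXT PRIMARY KEY, email TEXT NOT NULL, "
               "form_json TEXT NOT NULL, expires_at REAL NOT NULL)")
    return db

def _hash(token):
    # Only the hash is stored, so a leaked table does not yield usable links.
    return hashlib.sha256(token.encode()).hexdigest()

def register(db, email, form_json, now=None):
    """Store the unverified registration; return the token for the e-mailed link."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    db.execute("INSERT INTO pending VALUES (?, ?, ?, ?)",
               (_hash(token), email, form_json, now + TTL_SECONDS))
    db.commit()
    return token

def verify(db, token, create_account, now=None):
    """Consume a token once; create the directory account only if unexpired."""
    now = time.time() if now is None else now
    row = db.execute("SELECT email, form_json, expires_at FROM pending "
                     "WHERE token_hash = ?", (_hash(token),)).fetchone()
    if row is None or row[2] < now:
        return False
    cur = db.execute("DELETE FROM pending WHERE token_hash = ?", (_hash(token),))
    db.commit()
    if cur.rowcount != 1:  # another request consumed the token first
        return False
    create_account(row[0], row[1])  # hypothetical hook: write the "Active" account
    return True

def purge_expired(db, now=None):
    """Periodic cleanup job; returns the number of stale registrations removed."""
    now = time.time() if now is None else now
    cur = db.execute("DELETE FROM pending WHERE expires_at < ?", (now,))
    db.commit()
    return cur.rowcount
```

With this layout the directory only ever holds verified accounts, and the cleanup reduces to one `DELETE` keyed on the expiry column.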