When used on a Content Studio document SubscriptionManager displays an interface
that enables visitors to subscribe to one or more subscribable categories. This
control can only handle subscribers stored in the built in Content Studio repository.
Background
SubscriptionManager is used by developers that need to build an interface for
visitors that offers them a possibility to subscribe to all or a subset of
subscribable categories in Content Studio. The control is a composite control
that contains one or more checkboxes, each one representing a subscribable
Content Studio category, and input fields for the subscriber's name and
email-address. There is also a regular command button that triggers the actual
subscribe process.
Examples
Provided that the document author has configured that the SubscriptionManager
should work with the Newsletter and IT department news categories the control
should render something like this to the visitor.
The code below renders the user interface above.
<csx:SubscriptionManager id="SubscriptionManager1"
runat="server"
TextBoxWidth="300px"
LabelWidth="150px"
ConfirmationMailSenderAddress="noreply@coorp.com"
SuccessConfirmationText="You have successfully subscribed to the selected newsletters"
LabelNameText="My name:"
LabelAddressText="My email address:"
ErrorNoNameText="Please, enter your name!"
ErrorMustSelectOneText="Please, select at least one newsletter!"
ErrorInvalidAddressText="The email address is not valid!"
ConfirmationMailDocument="HTML/Newsletters utils/confirmSubscription.aspx"
ButtonText="Subscribe now!"
SuccessUrl="THTML/Newsletters utils/Subscribe success.aspx">
<csx:SubscriptionManagerCheckboxItem runat="server"
RequiresActivation="True"
Category="HTML/Newsletters/Newsletter"
Text="Newsletter"/>
<csx:SubscriptionManagerCheckboxItem runat="server"
Category="HTML/Newsletters/IT Department news"/>
</csx:SubscriptionManager>
Security considerations
This component opens a
integrity problem due to the fact that anyone can subscribe to any of the listed
categories with any name and valid e-mail address. Even though that the email
address is check for validity syntactically no check is made whether the email
address actually exists or whether the name is correct. This opens up an
integrity problem that makes it possible for a malicious person to subscribe on
the behalf of another person without her or his approval. Your solution should
always take this into consideration and there are two obvious approaches to this
problem.
Require login
If your website requires that each user is authenticated in some way and you
have the name and email address of the calling person you can set the
ShowNameAndAddress
property to false. This will prevent the caller from entering a fake address and
name. In this case you must programmatically set the
SubscriberName and
SubscriberAddress properties
to their actual values.
// This will run on page load
protected void Page_Load(object sender, EventArgs e )
{
// This values come from the user's login information
// but are hard coded here for simplicity
SubscriptionManager1.SubscriberName = "John Doe";
SubscriptionManager1.SubscriberAddress = "john.doe@corp.com";
}
Require confirmation
In an environment where the caller is anonymous or when you do not know the name
or email address of the caller you can specify the confirmation is required for
each subscription. When this is implemented the subscription will be added to
the repository but will be inactive until the caller has explicitly activated
it. This is done by an automatically generated email message sent out to the
registered email address. This email message is a Content Studio document you
design where the user's name, address and the name of the subscribable category is
inserted using one of more instances of the
SubscriptionMarker.htm component. When this confirmation mail is sent out
the markers are replaces by the mail sender with the actual values. Just as important
is the SubscriptionLink.htm component that
links to a Content Studio page that implements the actual activation code. The
activation code is most easily implemented by using the SubscriptionAction.htm
component. SubscriptionAction.htm receives
a query string that contains the unique subscription identifier. The mail sender
implementation replaces the standard identifier of the
SubscriptionLink.htm component
to the actual value of the subscription to activate. The only person that can
activate the subscription is now the receiver of the email.
You set confirmation requirement on each listed category individually but the
only one subscription mail documents is used for all of the categories.
Note
If you use the default, built in implementation of the
confirmation functionality you must also configure the mail settings in the
Web.config file or one of parent config files such as Machine.config.
Content Studio cannot send out mail until the mail settings
correctly have been configured. This includes
the name of the Mail server to use and the optional authentication credentials and
method to use. Remember, not all mail server are configured to allow anonymous sending
of mail messages.
The following code example specifies the appropriate SMTP parameters to send e-mail using
the default network credentials using an SMTP server named POSTMAN.
<configuration>
<!--Other setting elements might exist -->
<system.net>
<mailSettings>
<smtp deliveryMethod="network">
<network
host="POSTMAN"
port="25"
defaultCredentials="true"
/>
</smtp>
</mailSettings>
</system.net>
<!--Other configuration elements might exist -->
</configuration>
Advanced functionality
The built in subscription registering and confirmation functionality will
be sufficient for most site builders but it is possible to supply their own
implementation to the control. You can accomplish this by building a programming
module that implements the
ISubscriptionManager
interface. This interface gets called by SubscriptionManager when the user
clicks the submit button. The assembly code must be either located in the System/Code/CSCode or
the System/Code/VBCode Content Studio categories. As an alternative you can upload a compiled
version of the code into the System/Assemblies category.
In order for SubscriptionManager to find and actually use your implementation you
need to specifies the full assembly type information of your implementation
if the control's
SubscriptionImplementation property.