In this article I will explain with an example, how to generate and verify OTP in ASP.Net using C# and VB.Net.
Note: For the ASP.Net Membership configuration, please refer my article Simple User Registration Form Example in ASP.Net.
 
 
Database
The following Table UserOTP is used in this article.
Generate and verify OTP in ASP.Net using C# and VB.Net
 
Note: You can download the database table SQL by clicking the download link below.
         Download SQL file
 
 
Registration Page
Note: The registration page has already been explained in my article Simple User Registration Form Example in ASP.Net, and hence here only necessary code and explanations (required for this article) are provided.
 
Inside the RegisterUser event handler, the stored procedure first checks whether the username and email address already exists.
If yes then, the SendActivationEmail method is executed and user is redirected to Activation page.
C#
protected void RegisterUser(object sender, EventArgs e)
{
    int userId = 0;
    string constr = ConfigurationManager.ConnectionStrings["constr"].ConnectionString;
    using (SqlConnection con = new SqlConnection(constr))
    {
        using (SqlCommand cmd = new SqlCommand("Insert_User"))
        {
            using (SqlDataAdapter sda = new SqlDataAdapter())
            {
                cmd.CommandType = CommandType.StoredProcedure;
                cmd.Parameters.AddWithValue("@Username", txtUsername.Text.Trim());
                cmd.Parameters.AddWithValue("@Password", txtPassword.Text.Trim());
                cmd.Parameters.AddWithValue("@Email", txtEmail.Text.Trim());
                cmd.Connection = con;
                con.Open();
                userId = Convert.ToInt32(cmd.ExecuteScalar());
                con.Close();
            }
        }
        string message = string.Empty;
        switch (userId)
        {
            case -1:
                message = "Username already exists.\\nPlease choose a different username.";
                break;
            case -2:
                message = "Supplied email address has already been used.";
                break;
            default:
                this.SendActivationEmail(userId);
                Response.Redirect("~/Activation.aspx");
                break;
        }
        ClientScript.RegisterStartupScript(this.GetType(), "alert", "alert('" + message + "');", true);
    }
}
 
VB.Net
Protected Sub RegisterUser(sender As Object, e As EventArgs)
    Dim userId As Integer = 0
    Dim constr As String = ConfigurationManager.ConnectionStrings("constr").ConnectionString
    Using con As New SqlConnection(constr)
        Using cmd As New SqlCommand("Insert_User")
            Using sda As New SqlDataAdapter()
                cmd.CommandType = CommandType.StoredProcedure
                cmd.Parameters.AddWithValue("@Username", txtUsername.Text.Trim())
                cmd.Parameters.AddWithValue("@Password", txtPassword.Text.Trim())
                cmd.Parameters.AddWithValue("@Email", txtEmail.Text.Trim())
                cmd.Connection = con
                con.Open()
                userId = Convert.ToInt32(cmd.ExecuteScalar())
                con.Close()
            End Using
        End Using
        Dim message As String = String.Empty
        Select Case userId
            Case -1
                message = "Username already exists.\nPlease choose a different username."
                Exit Select
            Case -2
                message = "Supplied email address has already been used."
                Exit Select
            Case Else
                message = "Registration successful. Activation email has been sent."
                Me.SendActivationEmail(userId)
                Response.Redirect("~/Activation.aspx")
                Exit Select
        End Select
        ClientScript.RegisterStartupScript(Me.GetType(), "alert", "alert('" & message & "');", True)
    End Using
End Sub
 
SendActivationEmail Method
Inside the SendActivationEmail method, a random OTP is generated using GenerateOTP method and it is inserted in the UserOTP table.
Note: For more details on how to generate random OTP, please refer my article Generate Unique Random OTP (One Time Password) in ASP.Net using C# and VB.Net.
 
Then, an email is sent to the user’s email address with the OTP.
Note: For more details on how to send Email, please refer my article Send Email with example in ASP.Net using C# and VB.Net.
 
C#
private void SendActivationEmail(int userId)
{
    string activationCode = this.GenerateOTP();
    string constr = ConfigurationManager.ConnectionStrings["constr"].ConnectionString;
    using (SqlConnection con = new SqlConnection(constr))
    {
        using (SqlCommand cmd = new SqlCommand("INSERT INTO UserOTP VALUES(@UserId, @ActivationCode)"))
        {
            using (SqlDataAdapter sda = new SqlDataAdapter())
            {
                cmd.Parameters.AddWithValue("@UserId", userId);
                cmd.Parameters.AddWithValue("@ActivationCode", activationCode);
                cmd.Connection = con;
                con.Open();
                cmd.ExecuteNonQuery();
                con.Close();
            }
        }
    }
 
    SmtpSection smtpSection = (SmtpSection)ConfigurationManager.GetSection("system.net/mailSettings/smtp");
    using (MailMessage mm = new MailMessage(smtpSection.From, "admin@aspsnippets.com"))
    {
        string body = "Hello " + txtUsername.Text.Trim() + ",";
        body += "<br /><br />Following is your OTP.";
        body += "<br /><b>" + activationCode + "</b>";
        body += "<br /><br />Thanks";
 
        mm.Subject = "Account Activation";
        mm.Body = body;
        mm.IsBodyHtml = true;
        SmtpClient smtp = new SmtpClient();
        smtp.Host = smtpSection.Network.Host;
        smtp.EnableSsl = smtpSection.Network.EnableSsl;
        NetworkCredential networkCred = new NetworkCredential(smtpSection.Network.UserName, smtpSection.Network.Password);
        smtp.UseDefaultCredentials = smtpSection.Network.DefaultCredentials;
        smtp.Credentials = networkCred;
        smtp.Port = smtpSection.Network.Port;
        smtp.Send(mm);
    }
}
 
protected string GenerateOTP()
{
    string characters = "1234567890";
    string otp = string.Empty;
    for (int i = 0; i < 5; i++)
    {
        string character = string.Empty;
        do
        {
            int index = new Random().Next(0, characters.Length);
            character = characters.ToCharArray()[index].ToString();
        } while (otp.IndexOf(character) != -1);
        otp += character;
    }
    return otp;
}
 
VB.Net
Private Sub SendActivationEmail(userId As Integer)
    Dim activationCode As String = Me.GenerateOTP()
    Dim constr As String = ConfigurationManager.ConnectionStrings("constr").ConnectionString
    Using con As New SqlConnection(constr)
        Using cmd As New SqlCommand("INSERT INTO UserOTP VALUES(@UserId, @ActivationCode)")
            Using sda As New SqlDataAdapter()
                cmd.Parameters.AddWithValue("@UserId", userId)
                cmd.Parameters.AddWithValue("@ActivationCode", activationCode)
                cmd.Connection = con
                con.Open()
                cmd.ExecuteNonQuery()
                con.Close()
            End Using
        End Using
    End Using
 
    Dim smtpSection As SmtpSection = CType(ConfigurationManager.GetSection("system.net/mailSettings/smtp"), SmtpSection)
    Using mm As MailMessage = New MailMessage(smtpSection.From, "admin@aspsnippets.com")
        Dim body As String = "Hello " & txtUsername.Text.Trim() & ","
        body += "<br /><br />Following is your OTP."
        body += "<br /><b>" & activationCode & "</b>"
        body += "<br /><br />Thanks"
 
        mm.Subject = "Account Activation"
        mm.Body = body
        mm.IsBodyHtml = True
        Dim smtp As SmtpClient = New SmtpClient()
        smtp.Host = smtpSection.Network.Host
        smtp.EnableSsl = smtpSection.Network.EnableSsl
        Dim networkCred As NetworkCredential = New NetworkCredential(smtpSection.Network.UserName, smtpSection.Network.Password)
        smtp.UseDefaultCredentials = smtpSection.Network.DefaultCredentials
        smtp.Credentials = networkCred
        smtp.Port = smtpSection.Network.Port
        smtp.Send(mm)
    End Using
End Sub
 
Protected Function GenerateOTP() As String
    Dim characters As String = "1234567890"
    Dim otp As String = String.Empty
    For i As Integer = 0 To 4
        Dim character As String = String.Empty
        Do
            Dim index As Integer = New Random().Next(0, characters.Length)
            character = characters.ToCharArray()(index).ToString()
        Loop While otp.IndexOf(character) <> -1
        otp += character
    Next
 
    Return otp
End Function
 
 
Activation Page
HTML Markup
The HTML markup consists of:
TextBox – For entering OTP.
Button – For activating the User Account.
Label – For displaying the Activation status message.
<table border="0" cellpadding="0" cellspacing="0">
    <tr>
        <td>OTP</td>
        <td><asp:TextBox ID="txtOTP" runat="server" /></td>
    </tr>
    <tr>
        <td></td>
        <td><asp:Button Text="Submit" runat="server" OnClick="OnVerify" /></td>
    </tr>
</table>
<hr/>
<h3><asp:Label ID="lblMessage" runat="server" /></h3>
 
Namespaces
You will need to import the following namespaces.
C#
using System.Configuration;
using System.Data.SqlClient;
using System.Drawing;
 
VB.Net
Imports System.Configuration
Imports System.Data.SqlClient
Imports System.Drawing
 
Validating the OTP and activating the User Account
Inside the Button click event handler, the entered OTP received in the Email is validated on the UserOTP table.
Finally, if the OTP is valid, the record is deleted from UserOTP table user will be displayed an Activation success message, else Invalid message is displayed in the Label control.
C#
protected void OnVerify(object sender, EventArgs e)
{
    string constr = ConfigurationManager.ConnectionStrings["constr"].ConnectionString;
    using (SqlConnection con = new SqlConnection(constr))
    {
        using (SqlCommand cmd = new SqlCommand("DELETE FROM UserOTP WHERE ActivationCode = @ActivationCode"))
        {
            cmd.Parameters.AddWithValue("@ActivationCode", txtOTP.Text.Trim());
            cmd.Connection = con;
            con.Open();
            int rowsAffected = cmd.ExecuteNonQuery();
            con.Close();
            if (rowsAffected == 1)
            {
                lblMessage.Text = "Activation successful.";
                lblMessage.ForeColor = Color.Green;
            }
            else
            {
                lblMessage.Text = "Invalid OTP.";
                lblMessage.ForeColor = Color.Red;
            }
        }
    }
}
 
VB.Net
Protected Sub OnVerify(sender As Object, e As EventArgs)
    Dim constr As String = ConfigurationManager.ConnectionStrings("constr").ConnectionString
    Using con As SqlConnection = New SqlConnection(constr)
        Using cmd As SqlCommand = New SqlCommand("DELETE FROM UserOTP WHERE ActivationCode = @ActivationCode")
            cmd.Parameters.AddWithValue("@ActivationCode", txtOTP.Text.Trim())
            cmd.Connection = con
            con.Open()
            Dim rowsAffected As Integer = cmd.ExecuteNonQuery()
            con.Close()
            If rowsAffected = 1 Then
                lblMessage.Text = "Activation successful."
                lblMessage.ForeColor = Color.Green
            Else
                lblMessage.Text = "Invalid OTP."
                lblMessage.ForeColor = Color.Red
            End If
        End Using
    End Using
End Sub
 
 
Screenshots
Inserted record in the UserOTP table
Generate and verify OTP in ASP.Net using C# and VB.Net
 
Activation email sent to the user
Generate and verify OTP in ASP.Net using C# and VB.Net
 
Message displayed when Activation is successful
Generate and verify OTP in ASP.Net using C# and VB.Net
 
 
Downloads
Download Code