ASP.NET Web Pages - WebSecurity Object

Description

The WebSecurity Object provides security and authentication for ASP.NET Web Pages applications.

With the WebSecurity object you can create user accounts, login and logout users, reset or change passwords, and more.


WebSecurity Object Reference - Properties

Properties

Description

CurrentUserId

Gets the ID for the current user

CurrentUserName

Gets the name of the current user

HasUserId

Returns true if the current has a user ID

IsAuthenticated

Returns true if the current user is logged in



WebSecurity Object Reference - Methods

Method

Description

ChangePassword()

Changes the password for a user

ConfirmAccount()

Confirms an account using a confirmation token

CreateAccount()

Creates a new user account

CreateUserAndAccount()

Creates a new user account

GeneratePasswordResetToken()

Generates a token that can be sent to as user by email

GetCreateDate()

Gets the time the specified membership was created

GetPasswordChangeDate()

Gets the date and time when password was changed

GetUserId()

Gets a user ID from a user name

InitializeDatabaseConnection()

Initializes the WebSecurity system (database)

IsConfirmed()

Checks if a user is confirmed

IsCurrentUser()

Checks if the current user matches a user name

Login()

Logs the user in by setting a token in the cookie

Logout()

Logs the user out by removing the token cookie

RequireAuthenticatedUser()

Exits the page if the user is not an authenticated user

RequireRoles()

Exits the page if the user is not a part of the specified roles

RequireUser()

Exits the page if the user is not the specified user

ResetPassword()

Changes a user's password using a token

UserExists()

Checks if a given user exists



Initializing the WebSecurity Database

You must create or initialize an WebSecurity database before you can use the WebSecurity object in your code.

In the root of your web, create a page (or edit the page ) named _AppStart.cshtml.

Put the following code inside the file:

_AppStart.cshtml

@{
WebSecurity.InitializeDatabaseConnection("Users", "UserProfile", "UserId", "Email", true);
}

The code above will run each time the web site (application) starts. It initializes the WebSecurity database.

"Users" is the name of the WebSecurity database (Users.sdf).

"UserProfile" is the name of the database table that contains the user profile information.

"UserId" is the name of the column that contains the user IDs (primary key).

"Email" is the name of the column that contains user names.

The last parameter true is a boolean value indicating that the user profile and membership tables should be created automatically if they don't exist, otherwise false.

Although true indicates automatic creation of the database tables, the database itself will not be created automatically. It must exist.


The WebSecurity Database

The UserProfile table contains one record for each user, with a user ID (primary key) and the user's name (email):

UserId

Email

1

[email protected]

[email protected]

3

[email protected]

The Membership table will contain membership information about when the user was created and if (and when) the membership was confirmed.

Much like this (some columns are not shown):

User
Id

Create
Date

Confirmation
Token

Is
Confirmed

Last
Password
Failure

Password

Password
Change

1

12.04.2012 16:12:17

NULL

True

NULL

AFNQhWfy....

12.04.2012 16:12:17


Simple Membership Configuration

You might get errors using the WebSecurity object, if your site is not configured to use the ASP.NET Web Pages membership system SimpleMembership.

This can occur if a hosting provider's server is configured differently than your local server. To fix this, add the following element to the site's Web.config file:

<appSettings>
<add key="enableSimpleMembership" value="true" />
</appSettings>

 

WebPages Security

Login
ADS CODE