Description

The WebSecurity Object provides security and authentication for ASP.NET Web Pages applications.

With the WebSecurity object you can create user accounts, login and logout users, reset or change passwords, and more.

WebSecurity Object Reference - Properties

Properties	Description
CurrentUserId	Gets the ID for the current user
CurrentUserName	Gets the name of the current user
HasUserId	Returns true if the current has a user ID
IsAuthenticated	Returns true if the current user is logged in

WebSecurity Object Reference - Methods

Method	Description
ChangePassword()	Changes the password for a user
ConfirmAccount()	Confirms an account using a confirmation token
CreateAccount()	Creates a new user account
CreateUserAndAccount()	Creates a new user account
GeneratePasswordResetToken()	Generates a token that can be sent to as user by email
GetCreateDate()	Gets the time the specified membership was created
GetPasswordChangeDate()	Gets the date and time when password was changed
GetUserId()	Gets a user ID from a user name
InitializeDatabaseConnection()	Initializes the WebSecurity system (database)
IsConfirmed()	Checks if a user is confirmed
IsCurrentUser()	Checks if the current user matches a user name
Login()	Logs the user in by setting a token in the cookie
Logout()	Logs the user out by removing the token cookie
RequireAuthenticatedUser()	Exits the page if the user is not an authenticated user
RequireRoles()	Exits the page if the user is not a part of the specified roles
RequireUser()	Exits the page if the user is not the specified user
ResetPassword()	Changes a user's password using a token
UserExists()	Checks if a given user exists

Initializing the WebSecurity Database

You must create or initialize an WebSecurity database before you can use the WebSecurity object in your code.

In the root of your web, create a page (or edit the page ) named _AppStart.cshtml.

Put the following code inside the file:

_AppStart.cshtml

@{
WebSecurity.InitializeDatabaseConnection("Users", "UserProfile", "UserId", "Email", true);
}

The code above will run each time the web site (application) starts. It initializes the WebSecurity database.

"Users" is the name of the WebSecurity database (Users.sdf).

"UserProfile" is the name of the database table that contains the user profile information.

"UserId" is the name of the column that contains the user IDs (primary key).

"Email" is the name of the column that contains user names.

The last parameter true is a boolean value indicating that the user profile and membership tables should be created automatically if they don't exist, otherwise false.

Although true indicates automatic creation of the database tables, the database itself will not be created automatically. It must exist.

The WebSecurity Database

The UserProfile table contains one record for each user, with a user ID (primary key) and the user's name (email):

UserId	Email
1	[email protected]
2	[email protected]
3	[email protected]

The Membership table will contain membership information about when the user was created and if (and when) the membership was confirmed.

Much like this (some columns are not shown):

User Id	Create Date	Confirmation Token	Is Confirmed	Last Password Failure	Password	Password Change
1	12.04.2012 16:12:17	NULL	True	NULL	AFNQhWfy....	12.04.2012 16:12:17

Simple Membership Configuration

You might get errors using the WebSecurity object, if your site is not configured to use the ASP.NET Web Pages membership system SimpleMembership.

This can occur if a hosting provider's server is configured differently than your local server. To fix this, add the following element to the site's Web.config file:

<appSettings>
<add key="enableSimpleMembership" value="true" />
</appSettings>