ASP.NET Web Pages - WebSecurity Object
Description
The WebSecurity Object provides security and authentication for ASP.NET Web Pages applications.
With the WebSecurity object you can create user accounts, login and logout users, reset or change passwords, and more.
WebSecurity Object Reference - Properties
| Properties | Description |
|---|---|
| CurrentUserId | Gets the ID for the current user |
| CurrentUserName | Gets the name of the current user |
| HasUserId | Returns true if the current has a user ID |
| IsAuthenticated | Returns true if the current user is logged in |
WebSecurity Object Reference - Methods
| Method | Description |
|---|---|
| ChangePassword() | Changes the password for a user |
| ConfirmAccount() | Confirms an account using a confirmation token |
| CreateAccount() | Creates a new user account |
| CreateUserAndAccount() | Creates a new user account |
| GeneratePasswordResetToken() | Generates a token that can be sent to as user by email |
| GetCreateDate() | Gets the time the specified membership was created |
| GetPasswordChangeDate() | Gets the date and time when password was changed |
| GetUserId() | Gets a user ID from a user name |
| InitializeDatabaseConnection() | Initializes the WebSecurity system (database) |
| IsConfirmed() | Checks if a user is confirmed |
| IsCurrentUser() | Checks if the current user matches a user name |
| Login() | Logs the user in by setting a token in the cookie |
| Logout() | Logs the user out by removing the token cookie |
| RequireAuthenticatedUser() | Exits the page if the user is not an authenticated user |
| RequireRoles() | Exits the page if the user is not a part of the specified roles |
| RequireUser() | Exits the page if the user is not the specified user |
| ResetPassword() | Changes a user's password using a token |
| UserExists() | Checks if a given user exists |
Initializing the WebSecurity Database
You must create or initialize an WebSecurity database before you can use the WebSecurity object in your code.
In the root of your web, create a page (or edit the page ) named _AppStart.cshtml.
Put the following code inside the file:
_AppStart.cshtml
@{
WebSecurity.InitializeDatabaseConnection("Users", "UserProfile",
"UserId", "Email", true);
}
The code above will run each time the web site (application) starts. It initializes the WebSecurity database.
"Users" is the name of the WebSecurity database (Users.sdf).
"UserProfile" is the name of the database table that contains the user profile information.
"UserId" is the name of the column that contains the user IDs (primary key).
"Email" is the name of the column that contains user names.
The last parameter true is a boolean value indicating that the user profile and membership tables should be created automatically if they don't exist, otherwise false.
Although true indicates automatic creation of the database tables, the database itself will not be created automatically. It must exist.
The WebSecurity Database
The UserProfile table contains one record for each user, with a user ID (primary key) and the user's name (email):
| UserId | |
|---|---|
| 1 | john@johnson.net |
| 2 | peter@peterson.com |
| 3 | lars@larson.eut |
The Membership table will contain membership information about when the user was created and if (and when) the membership was confirmed.
Much like this (some columns are not shown):
| User Id |
Create Date |
Confirmation Token |
Is Confirmed |
Last Password Failure |
Password | Password Change |
|---|---|---|---|---|---|---|
| 1 | 12.04.2012 16:12:17 | NULL | True | NULL | AFNQhWfy.... | 12.04.2012 16:12:17 |
Simple Membership Configuration
You might get errors using the WebSecurity object, if your site is not configured to use the ASP.NET Web Pages membership system SimpleMembership.
This can occur if a hosting provider's server is configured differently than your local server. To fix this, add the following element to the site's Web.config file:
<appSettings>
<add key="enableSimpleMembership" value="true" />
</appSettings>
