ASP.NET Web Pages - WebSecurity Object

Description

The WebSecurity object provides security and authentication for ASP.NET Web Pages applications.

Through the WebSecurity object, you can create user accounts, log in and log out, reset or change passwords, and so on.

WebSecurity Object Reference Manual - Properties

Property Description
CurrentUserId Get the ID of the current user.
CurrentUserName Get the name of the current user.
HasUserId Get a value indicating whether the current user has a user ID (true if so).
IsAuthenticated Get the authentication status of the current user.

WebSecurity Object Reference Manual - Methods

Method Description
ChangePassword() Change the user's password.
ConfirmAccount() Confirm the validity of the account and activate the account.
CreateAccount() Create a new user account.
CreateUserAndAccount() Create a new user account.
GeneratePasswordResetToken() Generate a password reset token that can be sent to the user via email.
GetCreateDate() Return the date and time when the specified membership account was created.
GetPasswordChangeDate() Return the date and time when the password of the specified membership account was last changed.
GetPasswordFailuresSinceLastSuccess() Return the number of times the password was entered incorrectly since the last successful login or creation of the membership account.
GetUserId() Return the user ID based on the specified username.
GetUserIdFromPasswordResetToken() Return the user ID from the password reset token.
InitializeDatabaseConnection() Initialize the membership system by connecting to a database that contains user information.
IsAccountLockedOut() Indicate whether the specified membership account is locked out due to too many failed password attempts.
IsConfirmed() Return a value indicating whether the user has been confirmed.
IsCurrentUser() Return a value indicating whether the username of the logged-in user matches the specified username.
Login() Log in the user.
Logout() Log out the user.
RequireAuthenticatedUser() If the user is not authenticated, set the HTTP status to 401 (Unauthorized).
RequireRoles() If the current user does not belong to the specified role, set the HTTP status code to 401.
RequireUser() If the current user is not the specified user, set the HTTP status to 401.
ResetPassword() Reset the password by using a password reset token.
UserExists() Check if the user exists.

Technical Data

Name Value
Class WebMatrix.WebData.WebSecurity
Namespace WebMatrix.WebData
Assembly WebMatrix.WebData.dll

Initialize WebSecurity Database

Before using the WebSecurity object in the code, you must create or initialize the WebSecurity database.

In the web root directory, create or edit the _AppStart.cshtml page.

Write the following code in this file:

_AppStart.cshtml

@{
    WebSecurity.InitializeDatabaseConnection("Users", "UserProfile", "UserId", "Email", true);
}

The above code runs each time the website starts. It initializes the WebSecurity database.

"Users" is the name of the WebSecurity database (Users.sdf).

"UserProfile" is the name of the database table that contains user configuration information.

"UserId" is the name of the column containing the user ID (primary key).

"Email" is the column name containing the username.

The last parameter, true, is a Boolean value indicating that the user profile table and the membership table should be created automatically if they do not exist; otherwise, pass false.

Tip: Although true indicates the automatic creation of database tables, the database itself is not automatically created. It must exist.

WebSecurity Database

Each record in the UserProfile table represents a user, including the user ID (primary key) and the username (email):

UserId Email
1 john@johnson.net
2 peter@peterson.com
3 lars@larson.eut

The Membership table contains membership information, such as when the user was created and whether (and when) the membership was confirmed.

Similar to this (some columns are not listed):

UserId  Creation Date        Confirmation Token  Is Confirmed  Last Password Failure  Password      Password Change
1       12.04.2012 16:12:17  NULL                True          NULL                   AFNQhWfy....  12.04.2012 16:12:17

Note: If you want to see all columns and all content, open the database through WebMatrix and then view each table.
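
A login page built from the methods listed above, as an added example that is not part of the original page: it checks IsAccountLockedOut() explicitly before calling Login() and returns one generic message for every failure. The file name Login.cshtml, the form field names and the lockout policy (5 failures within 15 minutes) are assumptions.

```cshtml
@* Login.cshtml: constructed example page. Assumes _AppStart.cshtml has already
   called WebSecurity.InitializeDatabaseConnection(...) as described on this page. *@
@{
    // Assumed lockout policy for this example.
    var maxFailures = 5;
    var lockoutSeconds = 15 * 60;

    // One message for every failure, so the response does not reveal
    // whether an account exists or is currently locked out.
    var genericError = "Login failed. Check your email and password, or try again later.";
    var error = "";

    if (IsPost) {
        // Reject forged cross-site posts; pairs with AntiForgery.GetHtml() in the form.
        AntiForgery.Validate();

        var email = Request.Form["email"];
        var password = Request.Form["password"];

        if (email.IsEmpty() || password.IsEmpty()) {
            error = genericError;
        }
        else if (WebSecurity.UserExists(email)
                 && WebSecurity.IsAccountLockedOut(email, maxFailures, lockoutSeconds)) {
            // Too many recent password failures: refuse without testing the password.
            error = genericError;
        }
        else if (WebSecurity.Login(email, password, persistCookie: false)) {
            // Success: the authentication cookie is set; redirect to a fixed local page.
            Response.Redirect("~/");
            return;
        }
        else {
            // The failed attempt is counted in the membership table and is
            // visible through GetPasswordFailuresSinceLastSuccess().
            error = genericError;
        }
    }
}
<form method="post">
    @AntiForgery.GetHtml()
    <input type="email" name="email" />
    <input type="password" name="password" />
    <input type="submit" value="Log in" />
    <p>@error</p>
</form>
```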

Simple Membership Configuration

If your site is not configured to use the ASP.NET Web Pages membership system SimpleMembership, you may encounter errors when using the WebSecurity object.

Such errors occur when the hosting provider's configuration differs from that of your local server. To solve this problem, add the following element to the Web.config file of the site:

<appSettings> 
<add key="enableSimpleMembership" value="true" /> 
</appSettings>