ASP.NET Web Pages - WebSecurity Object
Description
The WebSecurity Object provides security and authentication for ASP.NET Web Pages applications.
Through the WebSecurity object, you can create user accounts, log users in and out, reset or change passwords, and perform many other security-related functions.
WebSecurity Object Reference Manual - Properties
Property | Description |
---|---|
CurrentUserId | Gets the ID of the currently logged-in user. |
CurrentUserName | Gets the name of the currently logged-in user. |
HasUserId | Returns true if there is a current user ID. |
IsAuthenticated | Returns true if the current user is logged in. |
WebSecurity Object Reference Manual - Methods
Method | Description |
---|---|
ChangePassword() | Changes the password for the specified user. |
ConfirmAccount() | Confirms an account with an account confirmation token. |
CreateAccount() | Creates a new user account. |
CreateUserAndAccount() | Creates a new user account. |
GeneratePasswordResetToken() | Generates a password reset token that can be emailed to the user for password reset. |
GetCreateDate() | Gets the date the specified member was created. |
GetPasswordChangeDate() | Gets the date and time when the password was changed. |
GetUserId() | Gets the user ID from the user name. |
InitializeDatabaseConnection() | Initializes the WebSecurity system (database). |
IsConfirmed() | Checks if the user has been confirmed. Returns true if confirmed. (For example, confirmed via email.) |
IsCurrentUser() | Checks if the current user's name matches the specified user name. Returns true if it matches. |
Login() | Sets the authentication token to log in the user. |
Logout() | Removes the authentication token to log out the user. |
RequireAuthenticatedUser() | Sets the HTTP status to 401 (Unauthorized) if the user is not authenticated. |
RequireRoles() | Sets the HTTP status to 401 (Unauthorized) if the current user is not a member of the specified roles. |
RequireUser() | Sets the HTTP status to 401 (Unauthorized) if the current user is not the specified user name. |
ResetPassword() | Changes the user's password to a new password if the password reset token is valid. |
UserExists() | Checks if the specified user exists. |
Technical Data
Name | Value |
---|---|
Class | WebMatrix.WebData.WebSecurity |
Namespace | WebMatrix.WebData |
Assembly | WebMatrix.WebData.dll |
Initialize WebSecurity Database
If you want to use the WebSecurity object in your code, you must first create or initialize the WebSecurity database.
In your web root directory, create a page named _AppStart.cshtml (if it already exists, edit the page).
Copy the following code into the file:
_AppStart.cshtml
The code above will run every time the website (application) starts. It initializes the WebSecurity database.
"Users" is the name of the WebSecurity database (Users.sdf).
"UserProfile" is the name of the database table that contains user profile information.
"UserId" is the name of the column that contains the user ID (primary key).
"Email" is the name of the column that contains the user name.
The last parameter, true, is a Boolean value: if the user profile table and the membership table do not exist, they are created automatically. If you do not want the tables created automatically, set the parameter to false.
Note: Although true indicates automatic creation of database tables, the database itself will not be created automatically. Therefore, the database must exist.
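The initialization call with the parameter values described above, followed by a login page and a protected page that depend on it. This is an added example, not code from the original page. The page names Login.cshtml and Account.cshtml and the form field names email and password are assumptions, and the three sections belong in separate files.

```cshtml
@* ---- _AppStart.cshtml: runs when the application starts ---- *@
@{
    // Values as described on this page: database "Users", table "UserProfile",
    // key column "UserId", user-name column "Email", and true to create the
    // profile and membership tables if they are missing.
    WebSecurity.InitializeDatabaseConnection("Users", "UserProfile", "UserId", "Email", true);
}

@* ---- Login.cshtml (hypothetical page name) ---- *@
@{
    var error = "";
    if (IsPost) {
        AntiForgery.Validate();   // reject cross-site forged POSTs
        var email = Request.Form["email"];         // assumed field name
        var password = Request.Form["password"];   // assumed field name

        // Login() returns false when the credentials are not accepted.
        if (WebSecurity.Login(email, password, false)) {
            Response.Redirect("~/");
            return;
        }
        // One message for every failure, so the form does not reveal
        // which email addresses have accounts.
        error = "The email or password is incorrect.";
    }
}
<form method="post">
    @AntiForgery.GetHtml()
    <p>@error</p>
    <label>Email <input type="email" name="email" /></label>
    <label>Password <input type="password" name="password" /></label>
    <input type="submit" value="Log in" />
</form>

@* ---- Account.cshtml (hypothetical): top of a protected page ---- *@
@{
    // Sets HTTP status 401 if the visitor is not authenticated.
    WebSecurity.RequireAuthenticatedUser();
}
<p>Signed in as @WebSecurity.CurrentUserName (ID @WebSecurity.CurrentUserId)</p>
```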
WebSecurity Database
The UserProfile table holds one record for each user, with the user ID (primary key) and user name (email):
UserId | Email |
---|---|
1 | [email protected] |
2 | [email protected] |
3 | [email protected] |
The Membership table contains membership information, such as when the user was created, whether the membership has been confirmed, when the membership was confirmed, etc.
For example (some columns are not shown):
UserId | CreateDate | ConfirmationToken | IsConfirmed | LastPasswordFailure | Password | PasswordChange |
---|---|---|---|---|---|---|
1 | 12.04.2012 16:12:17 | NULL | True | NULL | AFNQhWfy.... | 12.04.2012 16:12:17 |
Note: If you want to see all columns and contents, open the database and look at each table.
Simple Membership Configuration
When using the WebSecurity object, you may encounter errors if your site is not configured to use the ASP.NET Web Pages membership system (SimpleMembership).
Errors may also occur if the configuration of the hosting service provider's server differs from that of your local server. To resolve this issue, add the following element to the Web.config file of your website: