ASP.NET Web Pages - WebSecurity Object


Description

The WebSecurity Object provides security and authentication for ASP.NET Web Pages applications.

With the WebSecurity object you can create user accounts, login and logout users, reset or change passwords, and more.


WebSecurity Object Reference - Properties

Properties Description
CurrentUserId Gets the ID for the current user
CurrentUserName Gets the name of the current user
HasUserId Returns true if the current has a user ID
IsAuthenticated Returns true if the current user is logged in

WebSecurity Object Reference - Methods

Method Description
ChangePassword() Changes the password for a user
ConfirmAccount() Confirms an account using a confirmation token
CreateAccount() Creates a new user account
CreateUserAndAccount() Creates a new user account
GeneratePasswordResetToken() Generates a token that can be sent to as user by email
GetCreateDate() Gets the time the specified membership was created
GetPasswordChangeDate() Gets the date and time when password was changed
GetUserId() Gets a user ID from a user name
InitializeDatabaseConnection() Initializes the WebSecurity system (database)
IsConfirmed() Checks if a user is confirmed
IsCurrentUser() Checks if the current user matches a user name
Login() Logs the user in by setting a token in the cookie
Logout() Logs the user out by removing the token cookie
RequireAuthenticatedUser() Exits the page if the user is not an authenticated user
RequireRoles() Exits the page if the user is not a part of the specified roles
RequireUser() Exits the page if the user is not the specified user
ResetPassword() Changes a user's password using a token
UserExists() Checks if a given user exists


Initializing the WebSecurity Database

You must create or initialize an WebSecurity database before you can use the WebSecurity object in your code.

In the root of your web, create a page (or edit the page ) named _AppStart.cshtml.

Put the following code inside the file:

_AppStart.cshtml

@{
WebSecurity.InitializeDatabaseConnection("Users", "UserProfile", "UserId", "Email", true);
}

The code above will run each time the web site (application) starts. It initializes the WebSecurity database.

"Users" is the name of the WebSecurity database (Users.sdf).

"UserProfile" is the name of the database table that contains the user profile information.

"UserId" is the name of the column that contains the user IDs (primary key).

"Email" is the name of the column that contains user names.

The last parameter true is a boolean value indicating that the user profile and membership tables should be created automatically if they don't exist, otherwise false.

Although true indicates automatic creation of the database tables, the database itself will not be created automatically. It must exist.


The WebSecurity Database

The UserProfile table contains one record for each user, with a user ID (primary key) and the user's name (email):

UserId Email
1 john@johnson.net
peter@peterson.com
3 lars@larson.eut

The Membership table will contain membership information about when the user was created and if (and when) the membership was confirmed.

Much like this (some columns are not shown):

User
Id
Create
Date
Confirmation
Token
Is
Confirmed
Last
Password
Failure
Password Password
Change
1 12.04.2012 16:12:17 NULL True NULL AFNQhWfy.... 12.04.2012 16:12:17

Simple Membership Configuration

You might get errors using the WebSecurity object, if your site is not configured to use the ASP.NET Web Pages membership system SimpleMembership.

This can occur if a hosting provider's server is configured differently than your local server. To fix this, add the following element to the site's Web.config file:

<appSettings>
<add key="enableSimpleMembership" value="true" />
</appSettings>