Description
The WebSecurity object provides security and authentication for ASP.NET Web Pages applications.
With the WebSecurity object, you can create user accounts, log users in and out, reset or change passwords, and perform many other security-related functions.
WebSecurity Object Reference - Properties
| Property | Description |
|---|---|
| CurrentUserId | Gets the ID of the currently logged-in user. |
| CurrentUserName | Gets the name of the currently logged-in user. |
| HasUserId | Returns true if there is a current user ID. |
| IsAuthenticated | Returns true if the current user is logged in. |
WebSecurity Object Reference - Methods
| Method | Description |
|---|---|
| ChangePassword() | Changes the password for a specified user. |
| ConfirmAccount() | Confirms an account using an account confirmation token. |
| CreateAccount() | Creates a new user account. |
| CreateUserAndAccount() | Creates a new user account. |
| GeneratePasswordResetToken() | Generates a password reset token that can be sent to the user via email to allow password reset. |
| GetCreateDate() | Gets the creation time of the specified member. |
| GetPasswordChangeDate() | Gets the date and time of the password change. |
| GetUserId() | Gets the user ID based on the username. |
| InitializeDatabaseConnection() | Initializes the WebSecurity system (database). |
| IsConfirmed() | Checks whether the user has been confirmed. Returns true if confirmed (e.g., via email confirmation). |
| IsCurrentUser() | Checks whether the current user's name matches the specified username. Returns true if it matches. |
| Login() | Sets the authentication token to log in the user. |
| Logout() | Removes the authentication token to log out the user. |
| RequireAuthenticatedUser() | Sets the HTTP status to 401 (Unauthorized) if the user is not authenticated. |
| RequireRoles() | Sets the HTTP status to 401 (Unauthorized) if the current user is not a member of the specified role. |
| RequireUser() | Sets the HTTP status to 401 (Unauthorized) if the current user is not the specified username. |
| ResetPassword() | Changes the user's password to a new password if the password reset token is valid. |
| UserExists() | Checks whether the specified user exists. |
Technical Data
| Name | Value |
|---|---|
| Class | WebMatrix.WebData.WebSecurity |
| Namespace | WebMatrix.WebData |
| Assembly | WebMatrix.WebData.dll |
Initializing the WebSecurity Database
If you want to use the WebSecurity object in your code, you must first create or initialize the WebSecurity database.
In your web root directory, create a page named _AppStart.cshtml (or edit it if it already exists).
Copy the following code into the file:
_AppStart.cshtml
```
@{
    WebSecurity.InitializeDatabaseConnection("Users", "UserProfile", "UserId", "Email", true);
}
```
The above code will run every time the website (application) starts. It initializes the WebSecurity database.
"Users" is the name of the WebSecurity database (Users.sdf).
"UserProfile" is the name of the database table containing user profile information.
"UserId" is the name of the column containing the user ID (primary key).
"Email" is the name of the column containing the username.
The last parameter true is a boolean value indicating whether the user profile table and membership table will be automatically created if they do not exist. Set this parameter to false if you do not want automatic table creation.
Note: Although true enables automatic creation of database tables, the database itself will not be automatically created. The database must already exist.
WebSecurity Database
The UserProfile table stores one record per user, including the user ID (primary key) and username (email):
| UserId | Email |
|---|---|
| 1 | john@johnson.net |
| 2 | peter@peterson.com |
| 3 | lars@larson.eut |
The Membership table contains membership information, such as when the user was created, whether the member is confirmed, when the member was confirmed, etc.
An example is shown below (some columns are not displayed):
| User Id | Create Date | Confirmation Token | Is Confirmed | Last Password Failure | Password | Password Change |
|---|---|---|---|---|---|---|
| 1 | 12.04.2012 16:12:17 | NULL | True | NULL | AFNQhWfy.... | 12.04.2012 16:12:17 |
Note: If you want to see all columns and their contents, open the database and examine each table.
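A login page built on the methods in the reference tables and on the failure tracking kept in the Membership table, shown as an added example that is not part of the original page. The file name, the lockout thresholds and the redirect target are assumptions; WebSecurity.IsAccountLockedOut() and the AntiForgery helper (System.Web.Helpers) are real members that the tables above do not list.

```razor
@* Login.cshtml - added example. Assumes _AppStart.cshtml has already called
   WebSecurity.InitializeDatabaseConnection; the thresholds below are assumed policy. *@
@{
    const int MaxFailures = 5;        // assumed: failed attempts tolerated
    const int LockoutSeconds = 300;   // assumed: lockout window after the last failure
    var message = "";

    if (IsPost) {
        AntiForgery.Validate();       // throws if the anti-forgery token is missing or wrong

        var email = Request.Form["email"];
        var password = Request.Form["password"];
        var ok = false;

        if (!String.IsNullOrEmpty(email) && !String.IsNullOrEmpty(password)) {
            // Throttle password guessing using the per-user failure count and
            // "Last Password Failure" timestamp stored in the Membership table.
            var locked = WebSecurity.UserExists(email)
                && WebSecurity.IsAccountLockedOut(email, MaxFailures, LockoutSeconds);

            // Login() checks the password and, on success, sets the authentication token.
            // persistCookie: false keeps the token in a session cookie.
            ok = !locked && WebSecurity.Login(email, password, persistCookie: false);
        }

        if (ok) {
            Response.Redirect("~/");  // fixed target, not a URL taken from the request
        } else {
            // Same message for unknown user, wrong password and lockout,
            // so the form does not reveal which email addresses are registered.
            message = "The email or password is incorrect.";
        }
    }
}
<form method="post">
    @AntiForgery.GetHtml()
    <label>Email <input type="email" name="email" /></label>
    <label>Password <input type="password" name="password" /></label>
    <input type="submit" value="Log in" />
    <p>@message</p>
</form>
```

Pages that should only be reachable after login can call WebSecurity.RequireAuthenticatedUser() at the top of the page, as listed in the methods table.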
Simple Membership Configuration
When using the WebSecurity object, you may encounter errors if your site is not configured to use the ASP.NET Web Pages membership system SimpleMembership.
Errors may also occur if your hosting provider's server configuration differs from your local server configuration. To resolve this, add the following element to your site's Web.config file:
```
<appSettings>
    <add key="enableSimpleMembership" value="true" />
</appSettings>
```