Web Pages Security

ASP.NET Web Pages - WebSecurity Object

Description

WebSecurity Object Provided by ASP. NET Web Pages applications.

Through the WebSecurity object, you can create user accounts, log in and out of users, reset or change passwords, and more security-related functions.

WebSecurity Object Reference Manual - Properties

Properties	Description
CurrentUserId	Get the ID of the currently logged in user.
CurrentUserName	Get the name of the currently logged in user.
HasUserId	Returns true if there is currently a user ID.
IsAuthenticated	Returns true if the current user is logged in.

WebSecurity Object Reference Manual - Methods

Method	Description
ChangePassword()	Change the password for the specified user.
ConfirmAccount()	Confirm the account using the account confirmation token.
CreateAccount()	Create a new user account.
CreateUserAndAccount()	Create a new user account.
GeneratePasswordResetToken()	Generates a password reset token that can be sent to the user in an email so that the user can reset their password.
GetCreateDate()	Get the time when the specified member was created.
GetPasswordChangeDate()	Get the date and time of password change.
GetUserId()	Get the user ID based on the user name.
InitializeDatabaseConnection()	Initialize the WebSecurity system (database).
IsConfirmed()	Check whether the user has been confirmed. Returns true if confirmed. (Confirmation can be by email, for example.)
IsCurrentUser()	Checks whether the current user's name matches the specified username. If there is a match, returns true.
Login()	Set the authentication token and log in the user.
Logout()	Remove the authentication token and log out the user.
RequireAuthenticatedUser()	Sets the HTTP status to 401 (Unauthorized) if the user is not authenticated.
RequireRoles()	Sets the HTTP status to 401 (Unauthorized) if the current user is not a member of the specified role.
RequireUser()	If the current user is not the user with the specified username, set the HTTP status to 401 (Unauthorized).
ResetPassword()	If the password reset token is valid, change the user's password to the new password.
UserExists()	Check whether the specified user exists.

Technical Data

Name	Value
Class	WebMatrix.WebData.WebSecurity
Namespace	WebMatrix.WebData
Assembly	WebMatrix.WebData.dll

Initialize the WebSecurity database

If you want to use WebSecurity objects in your code, first you must create or initialize the WebSecurity database.

In your web root directory, create a page named _AppStart.cshtml (if it already exists, edit the page directly).

Copy the following code to the file:

_AppStart.cshtml

@{
WebSecurity.InitializeDatabaseConnection("Users", "UserProfile", "UserId", "Email", true);
}

The above code will run every time the website (application) starts. It initializes the WebSecurity database.

"Users" is the name of the WebSecurity database (Users.sdf).

"UserProfile" is the name of the database table that contains user configuration information.

"UserId" is the name of the column containing the user ID (primary key).

"Email" is the name of the column containing the username.

The last parameter true is a Boolean value, indicating that if the user configuration table and membership table do not exist, the tables will be automatically created. If you do not want to automatically create the table, you should set the parameter to false.

	Although true means automatically creating the database table, the database will not be automatically create. So the database must exist.

WebSecurity database

UserProfile The table creates and saves a record for each user, user ID (primary key ) and user name (email):

##UserIdEmail1 john@johnson.net2peter@peterson.com3lars@ larson.eut

Membership table contains member information, such as when the user was created, whether the member has been authenticated, and when the member was authenticated ,etc.

The specifics are as follows (some columns are not displayed):

UserCreateConfirmationIsLastPasswordPassword1

Note: If you want to see all columns and contents, please open the database and look at each table inside.

Simple Membership Configuration

When you use the WebSecurity object, if your site is not configured to use the ASP.NET Web Pages membership systemSimpleMembership, it may Report an error.

If the configuration of the hosting provider's server is different from the configuration of your local server, an error may also be reported. To resolve this issue, add the following element to your website's Web.config file:

← Web Pages - Class

Web Pages database →

submit

php.cn

Id	Date	Token	Confirmed	Password Failure		Change
##12.04.2012 16:12:17	NULL	True	NULL	AFNQhWfy....	12.04.2012 16:12:17