The WebSecurity object provides security and authentication for ASP.NET Web Pages applications. This section introduces its properties, methods and related uses.
With the WebSecurity object you can create user accounts, log users in and out, reset or change passwords, and perform many other security-related functions.
Property | Description |
---|---|
CurrentUserId | Get the ID of the currently logged in user. |
CurrentUserName | Get the name of the currently logged in user. |
HasUserId | Returns true if there is currently a user ID. |
IsAuthenticated | Returns true if the current user is logged in. |
Method | Description |
---|---|
ChangePassword() | Change the password for the specified user. |
ConfirmAccount() | Confirm the account using the account confirmation token. |
CreateAccount() | Create a new user account. |
CreateUserAndAccount() | Create a new user account. |
GeneratePasswordResetToken() | Generates a password reset token that can be sent to the user in an email so that the user can reset their password. |
GetCreateDate() | Get the creation time of the specified member. |
GetPasswordChangeDate() | Get the date and time the password was changed. |
GetUserId() | Get the user ID based on the user name. |
InitializeDatabaseConnection() | Initialize the WebSecurity system (database). |
IsConfirmed() | Check if the user has been confirmed. Returns true if confirmed. (Confirmation can be via email, for example.) |
IsCurrentUser() | Checks whether the current user's name matches the specified username. If there is a match, return true. |
Login() | Set the authentication token and log in the user. |
Logout() | Remove the authentication token and log out the user. |
RequireAuthenticatedUser() | If the user is not authenticated, sets the HTTP status to 401 (Unauthorized). |
RequireRoles() | If the current user is not a member of the specified role, sets the HTTP status to 401 (Unauthorized). |
RequireUser() | If the current user is not the user with the specified username, sets the HTTP status to 401 (Unauthorized). |
ResetPassword() | If the password reset token is valid, change the user's password to the new password. |
UserExists() | Checks whether the specified user exists. |
Name | Value |
---|---|
Class | WebMatrix.WebData.WebSecurity |
Namespace | WebMatrix.WebData |
Assembly | WebMatrix.WebData.dll |
Before you can use the WebSecurity object in your code, you must create or initialize the WebSecurity database.
In your web root directory, create a page called _AppStart.cshtml (or edit the page directly if it already exists).
Copy the following code into the file:
```cshtml
@{
    WebSecurity.InitializeDatabaseConnection("Users", "UserProfile", "UserId", "Email", true);
}
```
The above code will run every time the website (application) starts. It initializes the WebSecurity database.
"Users" is the name of the WebSecurity database (Users.sdf).
"UserProfile" is the name of the database table that contains user profile information.
"UserId" is the name of the column containing the user ID (primary key).
"Email" is the name of the column containing the username.
The last parameter, true, is a Boolean value indicating that the user profile table and the membership table will be created automatically if they do not exist. If you do not want the tables to be created automatically, set the parameter to false.
Note: Although true means that the database tables will be created automatically, the database itself will not be. The database must already exist.
The UserProfile table holds one record for each user, containing the user ID (primary key) and the user name (email):
UserId | Email |
---|---|
1 | [email protected] |
2 | [email protected] |
3 | [email protected] |
The Membership table contains membership information, such as when the user was created, whether the membership has been confirmed, and when it was confirmed.
The details are as follows (some columns are not shown):
User ID | Create Date | Confirmation Token | Is Confirmed | Last Password Failure | Password | Password Change |
---|---|---|---|---|---|---|
1 | 12.04.2012 16:12:17 | NULL | True | NULL | AFNQhWfy.... | 12.04.2012 16:12:17 |
Note: If you want to see all columns and contents, open the database and look at each table inside.
When you use the WebSecurity object, an error may be reported if your site is not configured to use SimpleMembership, the ASP.NET Web Pages membership system.
Errors may also occur if the hosting provider's server is configured differently than your local server. To resolve this issue, add the following element to your website's Web.config file:
```xml
<appSettings>
  <add key="enableSimpleMembership" value="true" />
</appSettings>
```
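
A password-reset page that combines GeneratePasswordResetToken() and ResetPassword() from the methods table, as an added example that is not part of the original page. It assumes the database is initialized as shown above and that the WebMail SMTP settings are configured in _AppStart.cshtml; the page name PasswordReset.cshtml and the siteUrl value are placeholders.

```cshtml
@* PasswordReset.cshtml (constructed example; page name and siteUrl are placeholders).
   Assumes _AppStart.cshtml initialized WebSecurity and configured WebMail SMTP settings. *@
@{
    var siteUrl = "https://www.example.com"; // placeholder: fixed base URL, not read from the Host header
    var token = Request["token"];            // set when the user follows the e-mailed link
    var message = "";

    if (IsPost) {
        AntiForgery.Validate();              // reject cross-site form posts

        if (token.IsEmpty()) {
            // Step 1: the user asks for a reset link.
            var email = Request.Form["email"];
            if (!email.IsEmpty() && WebSecurity.UserExists(email) && WebSecurity.IsConfirmed(email)) {
                // The token expires after 60 minutes.
                var resetToken = WebSecurity.GeneratePasswordResetToken(email, 60);
                var link = siteUrl + Href("~/PasswordReset")
                         + "?token=" + Uri.EscapeDataString(resetToken);
                WebMail.Send(to: email, subject: "Password reset",
                             body: "Reset your password: " + link);
            }
            // Same answer either way, so the form does not reveal which addresses have accounts.
            message = "If that address has an account, a reset link has been sent.";
        } else {
            // Step 2: the user submits a new password together with the token.
            var newPassword = Request.Form["newPassword"];
            if (!newPassword.IsEmpty() && WebSecurity.ResetPassword(token, newPassword)) {
                message = "Password changed. You can now log in.";
                token = null;                // show the first form again
            } else {
                message = "The reset link is invalid or has expired.";
            }
        }
    }
}
<p>@message</p>
<form method="post">
    @AntiForgery.GetHtml()
    @if (token.IsEmpty()) {
        <label>Email <input type="email" name="email" /></label>
    } else {
        <input type="hidden" name="token" value="@token" />
        <label>New password <input type="password" name="newPassword" /></label>
    }
    <input type="submit" value="Submit" />
</form>
```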
The above is an introduction to the WebSecurity object.