ASP.NET web Pages WebSecurity reference manual
May 12, 2021 ASP.NET
Table of contents
1. ASP.NET Web Pages - WebSecurity object
3. WebSecurity Object Reference Manual - Properties
4. WebSecurity Object Reference Manual - Methods
ASP.NET Web Pages - WebSecurity object
ASP.NET security and authentication of web Pages applications is guaranteed by WebSecurity objects, this section describes the properties, methods, and related uses of WebSecurity objects.
Describe
WebSecurity objects provide ASP.NET and authentication for web Pages applications.
With the WebSecurity object, you can create user accounts, sign in and out of users, reset or change passwords, and many more security-related features.
WebSecurity Object Reference Manual - Properties
| Attributes | describe |
|---|---|
| CurrentUserId | Get the ID of the current login user. |
| CurrentUserName | Get the name of the current login user. |
| HasUserId | Returns true if the current user ID is currently available. |
| IsAuthenticated | Returns True if the current user is logged in. |
WebSecurity Object Reference Manual - Methods
| method | describe |
|---|---|
| ChangePassword() | Change your password for the specified user. |
| ConfirmAccount() | Use the account to confirm the token confirmation account. |
| CreateAccount() | Create a new user account. |
| CreateUserAndAccount() | Create a new user account. |
| GeneratePasswordResetToken() | Generate a password reset token that can be sent to the user in an email so that the user can reset the password. |
| GetCreateDate() | Get the time created by the specified member. |
| GetPasswordChangeDate() | Get the date and time of the password change. |
| GetUserId() | Get the user ID according to the user name. |
| InitializeDatabaseConnection() | Initialize the WebSecurity system (database). |
| IsConfirmed() | Check if the user has been confirmed.Returns True if confirmed.(For example, you can confirm with email.) |
| IsCurrentUser() | Check if the name of the current user matches the specified username.Returns true if you match. |
| Login() | Set the authentication token, log in to the user. |
| Logout() | Remove the authentication token, log out of the user. |
| RequireAuthenticatedUser() | If the user does not pass authentication, the HTTP status is set to 401 (unauthorized). |
| RequireRoles() | If the current user is not a member of the specified role, set the HTTP state 401 (unauthorized). |
| RequireUser() | If the current user is not a user who specifies the username, set the HTTP state 401 (unauthorized). |
| ResetPassword() | If the password reset token is valid, change the user's password to the new password. |
| UserExists() | Check if the specified user exists. |
Technical data
| name | value |
|---|---|
| Class | WebMatrix.WebData.WebSecurity |
| Namespace | WebMatrix.WebData |
| Assembly | WebMatrix.WebData.dll |
Initialize the WebSecurity database
If you want to use WebSecurity objects in your code, you must first create or initialize the WebSecurity database.
Under your web root, create a page called _AppStart.cshtml (edit the page directly if it already exists).
Copy the following code to the file:
_AppStart.cshtml
WebSecurity.InitializeDatabaseConnection("Users", "UserProfile", "UserId", "Email", true);
}
The code above will run each time the site (application) starts. It initializes the WebSecurity database.
Users is the name of the WebSecurity .sdf database.
UserProfile is the name of a database table that contains user configuration information.
UserId is the name of a column that contains the user ID (primary key).
"Email" is the name of the column that contains the user name.
The last parameter, true, is a Boolean value that means that if the user configuration table and membership table do not exist, the table is automatically created. If you do not want to create tables automatically, you should set the parameter to false.
|
Although true means that the database table is created automatically, the database is not created automatically. So the database must exist. |
|---|
WebSecurity database
The UserProfile table creates a record for each user, user ID (primary key) and user name (email):
| UserId | |
|---|---|
| 1 | [email protected] |
| 2 | [email protected] |
| 3 | [email protected] |
The Membership form contains membership information, such as when the user was created, whether the member was certified, when the member was certified, and so on.
Here's what it looks like (some columns don't):
|
User
Id |
Create
Date |
Confirmation
Token |
Is
Confirmed |
Last
Password Failure |
Password |
Password
Change |
|---|---|---|---|---|---|---|
| 1 | 12.04.2012 16:12:17 | NULL | True | NULL | AFNQhWfy.... | 12.04.2012 16:12:17 |
Note: If you want to see all the columns and content, open the database and see each table in it.
Simple membership configuration
When you use a WebSecurity object, you may report an error if your site is not configured to use simpleMembership, the ASP.NET Web Pages membership system.
If the configuration of your hosting service provider's server is different from that of your local server, you may also report an error. To solve this problem, add the following elements to the Web.config file of your Web site:
<add key="enableSimpleMembership" value="true" />
</appSettings>
These are the introductions to WebSecurity objects.