ASP.NET Web Pages WebSecurity Reference Manual
description
WebSecurity ASP.NET Web Pages object provides application security and authentication.
By WebSecurity object, you can create user accounts, user logon and logoff, reset or change your password, and more security-related functions.
WebSecurity Object Reference - Property
| 属性 | 描述 |
|---|---|
| CurrentUserId | 获取当前登录用户的 ID。 |
| CurrentUserName | 获取当前登录用户的名称。 |
| HasUserId | 如果当前有用户 ID,则返回 true。 |
| IsAuthenticated | 如果当前用户是登录的,则返回 true。 |
WebSecurity Object Reference - Methods
| 方法 | 描述 |
|---|---|
| ChangePassword() | 为指定的用户更改密码。 |
| ConfirmAccount() | 使用帐户确认令牌确认帐户。 |
| CreateAccount() | 创建一个新的用户帐户。 |
| CreateUserAndAccount() | 创建一个新的用户帐户。 |
| GeneratePasswordResetToken() | 生成一个密码重置令牌,可以在电子邮件中发送给用户以便用户可以重设密码。 |
| GetCreateDate() | 获取指定会员创建的时间。 |
| GetPasswordChangeDate() | 获取密码变更的日期和时间。 |
| GetUserId() | 根据用户名称获取用户 ID。 |
| InitializeDatabaseConnection() | 初始化 WebSecurity 系统(数据库)。 |
| IsConfirmed() | 检查用户是否已被确认。如果已确认,则返回 true。(例如,可通过电子邮件进行确认。) |
| IsCurrentUser() | 检查当前用户的名称是否与指定用户名匹配。如果匹配,则返回 true。 |
| Login() | 设置身份验证令牌,登录用户。 |
| Logout() | 移除身份验证令牌,注销用户。 |
| RequireAuthenticatedUser() | 如果用户未通过身份验证,则设置 HTTP 状态为 401(未经授权)。 |
| RequireRoles() | 如果当前用户不是指定角色的成员,则设置 HTTP 状态为 401(未经授权)。 |
| RequireUser() | 如果当前用户不是指定用户名的用户,则设置 HTTP 状态为 401(未经授权)。 |
| ResetPassword() | 如果密码重置令牌是有效的,改变用户的密码为新密码。 |
| UserExists() | 检查指定的用户是否存在。 |
Technical data
| 名称 | 值 |
|---|---|
| Class | WebMatrix.WebData.WebSecurity |
| Namespace | WebMatrix.WebData |
| Assembly | WebMatrix.WebData.dll |
Database initialization WebSecurity
If you want to use WebSecurity objects in your code, you must first create or initialize WebSecurity database.
In your Web root directory, create a file called _AppStart.cshtml page (if it already exists, you will directly edit page).
Copy the following code to the file:
_AppStart.cshtml
WebSecurity.InitializeDatabaseConnection("Users", "UserProfile", "UserId", "Email", true);
}
The above code will run at each site (application) starts. It initializes the WebSecurity database.
"Users" are WebSecurity database (Users.sdf) name.
"UserProfile" is name of the database table that contains user configuration information.
"UserId" that contains the user ID (primary key) the name of the column.
"Email" is the name of a user name column.
Finally, a true parameter is a Boolean value that indicates if the user configuration tables and Member tables do not exist, it will automatically create a table. If you do not want to automatically create a table, you should set the parameter to false.
 | Although true to automatically create database tables, but the database will not be automatically created. So the database must exist. |
|---|
WebSecurity database
UserProfile table created for each user to save a record, the user ID (primary key) and user name (email):
| UserId | |
|---|---|
| 1 | [email protected] |
| 2 | [email protected] |
| 3 | [email protected] |
Membership table contains membership information, such as when the user is created, if the member has been certified member what time certification, and so on.
As shown below (some of the columns are not displayed):
| User Id |
Create Date |
Confirmation Token |
Is Confirmed |
Last Password Failure |
Password | Password Change |
|---|---|---|---|---|---|---|
| 1 | 12.04.2012 16:12:17 | NULL | True | NULL | AFNQhWfy.... | 12.04.2012 16:12:17 |
Note: If you want to see all the columns and the content, open the database, look at each table inside.
Simple configuration member
When you use WebSecurity objects, if your site is not configured to use ASP.NET Web Pages Member system SimpleMembership, you may be given.
If you configure the server hosting provider and your local server configuration is different, it may also be given. To solve this problem, add the following element in the Web.config file in the website:
<add key="enableSimpleMembership" value="true" />
</appSettings>