This project is read-only.

Basic Membership overview

All old Membership functions are depricated and not implemented in new Simple Membership. So instead of old Membership class you need to use new WebSecurity class that is using new functions of SimpleMembership.

In new SimpleMembership Provider we have two entities: Account and User. User is just info about user like addres, billing details and all other info you wish to add. Account is logon details. If you create user you cant login until account is created. You cant create user without account. Description of required functions would be described lower on the page.

Current membership provider is not using InitializeDatabaseConnection function b/c it is using mongodb that does not need any table pre-creation before using. All they are create on first call

WebSecurity functions overview
  • bool ChangePassword(string userName, string currentPassword, string newPassword) - is used for password change for user with passed username and confirmed by old password. Returns result of password change
  • bool ConfirmAccount(string accountConfirmationToken) - is used to confirm account, that was create not confirmed. Convinient to use with registration through email. Returns result of account confirmation.
  • bool ConfirmAccount(string userName, string accountConfirmationToken) - the same as previous function but also is getting username for determining which uesr to confirm in case there two same account confirmation tokens. Returns result of account confirmation.
  • string CreateAccount(string userName, string password, bool requireConfirmationToken = false) - creates account with passed username and password. By default all accounts are confirmed. If you pass third parameter True, then function will return confirmation token. Andif you want this account have ability to login, you need to confirm it by functions described above
  • string CreateUserAndAccount(string userName, string password, object propertyValues = null, bool requireConfirmationToken = false) - functions that creates User and Account at the same time. preportyValues is any object where membership will goby every property and create the same properrty in db. Confirmation token is the same as in function above.
  • string GeneratePasswordResetToken(string userName, int tokenExpirationInMinutesFromNow = 1440) - is used for restoring password through email. So before sending email to user you generate rest token and add it to link, that is inside email body.
  • bool ResetPassword(string passwordResetToken, string newPassword) - this function will reset password to new pasword if resetToken is right.
  • bool UserExists(string userName) - checks if user exists.
  • void RequireUser(string userName), void RequireUser(string userName), void RequireUser(int userId), void RequireRoles(params string[] roles), void RequireAuthenticatedUser() -- If the current user is not the specified user, sets the HTTP status to 401 (Unauthorized).
  • void Logout() - log off current user from membership system.
  • bool IsCurrentUser(string userName) - check if passed username is current user.
  • bool IsConfirmed(string userName) - check if account is conformed.
  • int GetUserIdFromPasswordResetToken(string token) - get userid by passsword reset token.
  • int GetPasswordFailuresSinceLastSuccess(string userName) - return number of password faolure since last success login.
  • DateTime GetPasswordChangedDate(string userName) - get last password change date.
  • DateTime GetLastPasswordFailureDate(string userName) - get last password failure date.
  • DateTime GetCreateDate(string userName) - get create date of user.
  • int GetUserId(string userName) - get userid
  • bool IsAccountLockedOut(string userName, int allowedPasswordAttempts, int intervalInSeconds), bool IsAccountLockedOut(string userName, int allowedPasswordAttempts, TimeSpan interval) - returns a value that indicates whether the specified membership account is temporarily locked because of too many failed password attempts in the specified number of seconds.
  • bool Login(string userName, string password, bool persistCookie = false) - login to system.

Roles functions overview
  • string[] GetAllRoles() - get all user roles in db.
  • string[] GetRolesForUser() - get all roles for current user.
  • string[] GetRolesForUser(string username) - get all roles for specified user.
  • string[] GetUsersInRole(string roleName) - get all users that belong to role.
  • bool IsUserInRole(string roleName) - checks if current user in specified role.
  • bool IsUserInRole(string username, string roleName) - checks if specified user belongs to specified role.
  • void RemoveUserFromRole(string username, string roleName) - remove specified user from specified role.
  • void RemoveUserFromRoles(string username, string[] roleNames) - remove specified user from specified roles.
  • void RemoveUsersFromRole(string[] usernames, string roleName) - remove specified users from specified role.
  • void RemoveUsersFromRoles(string[] usernames, string[] roleNames) - remove specified users from specified roles.
  • bool RoleExists(string roleName) - check if role exists.
  • string[] FindUsersInRole(string roleName, string usernameToMatch) - Gets an array of user names in a role where the user name contains the specified user name to match.
  • void AddUsersToRole(string[] usernames, string roleName) - add specified users from specified role.
  • void AddUsersToRoles(string[] usernames, string[] roleNames) - add specified users from specified roles.
  • void AddUserToRoles(string username, string[] roleNames) - add specified user from specified roles.
  • void AddUserToRole(string username, string roleName) - add specified user from specified role.
  • void CreateRole(string roleName) - create specified role.
  • bool DeleteRole(string roleName) - delete specified role.
  • bool DeleteRole(string roleName, bool throwOnPopulatedRole) - delete specified role and throw exception if it is assigned to any user.

Examples of usage:
WebSecurity.CreateUserAndAccount("test_user", "test_user");

Tips: WebSecurity is absctraction under new membership class. So if you want to use other functions for Extended Membership Provider you need to do following:
var provider = Membership.Provider as ExtendedMembershipProvider; provider.DeleteAccount("userName");

Note: Provider must be derived from extended membership provider. Above example is deleting account. This function is not exist in WebSecurity class but membership is implemened it.

Last edited Aug 2, 2013 at 8:40 AM by F0rc0sigan, version 2


No comments yet.