Class WebSecurity
A utility class used for dealing with USER security in Umbraco
Namespace:System.Dynamic.ExpandoObject
Assembly:umbraco.dll
Syntax
public class WebSecurity : DisposableObjectSlim, IDisposable
Constructors
WebSecurity(HttpContextBase, ApplicationContext)
Declaration
public WebSecurity(HttpContextBase httpContext, ApplicationContext applicationContext)
Parameters
Type | Name | Description |
---|---|---|
System.Web.HttpContextBase | httpContext | |
ApplicationContext | applicationContext |
Properties
CurrentUser
Gets the current user.
Declaration
public virtual IUser CurrentUser { get; }
Property Value
Type | Description |
---|---|
IUser | The current user. |
UmbracoUserContextId
Declaration
[Obsolete("Returns the current user's unique umbraco sesion id - this cannot be set and isn't intended to be used in your code")]
public string UmbracoUserContextId { get; set; }
Property Value
Type | Description |
---|---|
System.String |
UserManager
Declaration
protected BackOfficeUserManager<BackOfficeIdentityUser> UserManager { get; }
Property Value
Type | Description |
---|---|
BackOfficeUserManager<BackOfficeIdentityUser> |
Methods
ClearCurrentLogin()
Clears the current login for the currently logged in user
Declaration
public virtual void ClearCurrentLogin()
DisposeResources()
Declaration
protected override void DisposeResources()
GetBackOfficeMembershipUser(String, Boolean)
Declaration
[Obsolete("Back office users shouldn't be resolved from the membership provider, they should be resolved usign the BackOfficeUserManager or the IUserService")]
public virtual MembershipUser GetBackOfficeMembershipUser(string username, bool setOnline)
Parameters
Type | Name | Description |
---|---|---|
System.String | username | |
System.Boolean | setOnline |
Returns
Type | Description |
---|---|
System.Web.Security.MembershipUser |
GetSessionId()
Returns the current user's unique session id, which is used to mitigate CSRF attacks or for any other purpose that requires validating a request
Declaration
public virtual string GetSessionId()
Returns
Type | Description |
---|---|
System.String |
GetUserId()
Gets the current user's id.
Declaration
public virtual int GetUserId()
Returns
Type | Description |
---|---|
System.Int32 |
GetUserId(String)
Gets the user id.
Declaration
[Obsolete("This method is no longer used, use the GetUserId() method without parameters instead")]
public int GetUserId(string umbracoUserContextId)
Parameters
Type | Name | Description |
---|---|---|
System.String | umbracoUserContextId | This is not used |
Returns
Type | Description |
---|---|
System.Int32 |
IsAuthenticated()
Checks that a back office user is logged in; the result is returned as a Boolean, so the caller must act on it
Declaration
public bool IsAuthenticated()
Returns
Type | Description |
---|---|
System.Boolean |
IsMemberAuthorized(Boolean, IEnumerable<String>, IEnumerable<String>, IEnumerable<Int32>)
Returns true if the currently logged in member is authorized based on the parameters provided; otherwise returns false
Declaration
[Obsolete("Use MembershipHelper.IsMemberAuthorized instead")]
public bool IsMemberAuthorized(bool allowAll = false, IEnumerable<string> allowTypes = null, IEnumerable<string> allowGroups = null, IEnumerable<int> allowMembers = null)
Parameters
Type | Name | Description |
---|---|---|
System.Boolean | allowAll | |
System.Collections.Generic.IEnumerable<System.String> | allowTypes | |
System.Collections.Generic.IEnumerable<System.String> | allowGroups | |
System.Collections.Generic.IEnumerable<System.Int32> | allowMembers |
Returns
Type | Description |
---|---|
System.Boolean |
PerformLogin(Int32)
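Logs a user in. The method takes only a user id and no credentials, so the caller is responsible for having validated the user first (for example with ValidateBackOfficeCredentials).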
Declaration
public virtual double PerformLogin(int userId)
Parameters
Type | Name | Description |
---|---|---|
System.Int32 | userId | The user Id |
Returns
Type | Description |
---|---|
System.Double | returns the number of seconds until their session times out |
RenewLoginTimeout()
Renews the user's login ticket
Declaration
public virtual void RenewLoginTimeout()
ValidateBackOfficeCredentials(String, String)
Validates credentials for a back office user
Declaration
public virtual bool ValidateBackOfficeCredentials(string username, string password)
Parameters
Type | Name | Description |
---|---|---|
System.String | username | |
System.String | password |
Returns
Type | Description |
---|---|
System.Boolean |
Remarks
This uses ASP.NET Identity to perform the validation
ValidateCurrentUser()
Validates the currently logged in user and ensures they are not timed out
Declaration
public virtual bool ValidateCurrentUser()
Returns
Type | Description |
---|---|
System.Boolean |
ValidateCurrentUser(Boolean, Boolean)
Validates the current user assigned to the request and ensures the stored user data is valid
Declaration
public virtual ValidateRequestAttempt ValidateCurrentUser(bool throwExceptions, bool requiresApproval = true)
Parameters
Type | Name | Description |
---|---|---|
System.Boolean | throwExceptions | Set to true to have exceptions thrown when validation fails |
System.Boolean | requiresApproval | If true, the user must be approved in order to be validated |
Returns
Type | Description |
---|---|
ValidateRequestAttempt |
ValidateUserContextId(String)
Validates the user context ID.
Declaration
[Obsolete("This method is no longer used, use the ValidateCurrentUser() method instead")]
public bool ValidateUserContextId(string currentUmbracoUserContextId)
Parameters
Type | Name | Description |
---|---|---|
System.String | currentUmbracoUserContextId | This doesn't do anything |
Returns
Type | Description |
---|---|
System.Boolean |