Class WebSecurity
A utility class used for dealing with USER security in Umbraco
Inheritance
Namespace: Umbraco.Web.Security
Assembly: Umbraco.Web.dll
Syntax
public class WebSecurityConstructors
View SourceWebSecurity(HttpContextBase, IUserService, IGlobalSettings)
Declaration
public WebSecurity(HttpContextBase httpContext, IUserService userService, IGlobalSettings globalSettings)Parameters
| Type | Name | Description |
|---|---|---|
| System.Web.HttpContextBase | httpContext | |
| IUserService | userService | |
| IGlobalSettings | globalSettings |
Properties
View SourceCurrentUser
Gets the current user.
Declaration
public virtual IUser CurrentUser { get; }Property Value
| Type | Description |
|---|---|
| IUser | The current user. |
UserManager
Declaration
protected BackOfficeUserManager<BackOfficeIdentityUser> UserManager { get; }Property Value
| Type | Description |
|---|---|
| BackOfficeUserManager<BackOfficeIdentityUser> |
Methods
View SourceClearCurrentLogin()
Clears the current login for the currently logged in user
Declaration
public virtual void ClearCurrentLogin()GetSessionId()
Returns the current user's unique session id - used to mitigate csrf attacks or any other reason to validate a request
Declaration
public virtual string GetSessionId()Returns
| Type | Description |
|---|---|
| System.String |
GetUserId()
Gets the current user's id.
Declaration
public virtual Attempt<int> GetUserId()Returns
| Type | Description |
|---|---|
| Attempt<System.Int32> |
IsAuthenticated()
Ensures that a back office user is logged in
Declaration
public bool IsAuthenticated()Returns
| Type | Description |
|---|---|
| System.Boolean |
PerformLogin(Int32)
Logs a user in.
Declaration
public virtual double PerformLogin(int userId)Parameters
| Type | Name | Description |
|---|---|---|
| System.Int32 | userId | The user Id |
Returns
| Type | Description |
|---|---|
| System.Double | returns the number of seconds until their session times out |
RenewLoginTimeout()
Renews the user's login ticket
Declaration
public virtual void RenewLoginTimeout()ValidateBackOfficeCredentials(String, String)
Validates credentials for a back office user
Declaration
public virtual bool ValidateBackOfficeCredentials(string username, string password)Parameters
| Type | Name | Description |
|---|---|---|
| System.String | username | |
| System.String | password |
Returns
| Type | Description |
|---|---|
| System.Boolean |
Remarks
This uses ASP.NET Identity to perform the validation
ValidateCurrentUser()
Validates the currently logged in user and ensures they are not timed out
Declaration
public virtual bool ValidateCurrentUser()Returns
| Type | Description |
|---|---|
| System.Boolean |
ValidateCurrentUser(Boolean, Boolean)
Validates the current user assigned to the request and ensures the stored user data is valid
Declaration
public virtual ValidateRequestAttempt ValidateCurrentUser(bool throwExceptions, bool requiresApproval = true)Parameters
| Type | Name | Description |
|---|---|---|
| System.Boolean | throwExceptions | set to true if you want exceptions to be thrown if failed |
| System.Boolean | requiresApproval | If true requires that the user is approved to be validated |
Returns
| Type | Description |
|---|---|
| ValidateRequestAttempt |