ASP.NET Web Pages – Membership

[ This is an 8 part tutorial ]

A PDF is available in the downloads section which covers features not discussed here, including registration via username, additional user information and 2-step verification using SMS. Download: ASP.NET Membership (PDF) (NOTICE OBSOLETE). A reference is also available.

ASP.NET Web Pages comes with a default membership class called WebSecurity. The WebSecurity class has all the methods and properties needed to register users. It  has many more features available. This tutorial will show you how to add registration to a website. The registration will have the following features:

  • Registration via email address (email address will be used as username)
  • Account confirmation
  • Forgot password and reset password
  • Change password
  • Add additional user information such as first and last name
  • Account locked out for invalid password attempts
  • Validate user input

Although ASP.NET Web Pages comes with the WebSecurity class it is not necessary to use it. You can use a simple membership provider if you wish, but for this tutorial we will use the WebSecurity Class.


Let’s get started:

  1. Create a new website based on the Personal Site template, and name the website Membership
  2. Create a folder named Account in the root directory and create the following .cshtml files: Register, ResetPassword, Login, ForgotPassword, ConfirmAccount, and AccountLockedOut
  3. Create another folder called Members and create the following .cshtml files: _PageStart, ChangePassword, and Default, Manage
  4. Click databases, add a new SQL Server CE database and name it Membership

Open the _AppStart file and add the following lineabove App.CacheDuration:

WebSecurity.InitializeDatabaseConnection("Membership", "Users", "UserId", "UserName", true);

The InitializeDatabaseConnection method connects to the database specified and creates the tables. It takes 5 arguments which are:

  • Database name
  • The table name
  • The user ID column name
  • The name for the username column
  • Specifies whether it should automatically create the tables if they do not exist

Run the website and once it has loaded refresh the Membership database. You should see that a few tables have been created. These are all linked to the Users table, and each one performs a separate function.

ASP.NET Membership tables

Table Name Description
Users This table stores information about the user, such as the username and any additional information like first name, last name, etc.
webpages_Membership This table stores information on the account such as date created, confirmation token, password failures, and password (encrypted).
webpages_OAuthMembership This table stores information on third party logins. It will store the provider name (eg: Facebook), the provider ID, and the UserID. The user ID is a token to identify the user, the password is not shared.
webpages_Roles This table stores roles. It only stores the role ID and role name, for example a role with the name Admin. Roles allow you to restrict certain parts of the website to unauthorized users. For example, you might have Administrators and Staff each with different roles.
webpages_UsersInRoles This table stores information on what role a user is connected to. For example, user Admin might be in the role Administrator; it stores the UserId and RoleId, but not the name.

Now in the database section click on Home in the ribbon menu and click on New Query. Copy and execute this:

Forename nvarchar(20),
Surname nvarchar(20)

​This will add two more columns to our Users table. The Users table should now have the following columns. Notice that the UserName column is unique (it will not allow duplicate values).

Table Definition - ASP.NET Membership

In the _AppStart file add your email settings; this is necessary, otherwise you will not be able to register.

WebMail.SmtpServer = "";
WebMail.EnableSsl = true;
WebMail.UserName =  "";
WebMail.Password = "”;

​Lastly in the members folder, open the _PageStart file and add the following:


The RequireAuthenticatedUser method will only allow logged-in users to access this directory.

[Continue, Registration Page]