Skip to main content

Razor Application Authentication change from email to username

ASP.Net Web Pages - Razor (v2) makes it easy enough to switch from email based authentication to username based login.

I have added some of the major as well as minimum updates that are needed to update the registration process as well as the login process, to enable the application to utilize the username rather than the email for authentication.

Database Update: UserProfile:

Add a new database table column called “UserName” under the table UserProfile of the razor (v2) application.
---------------------------------------

Page Update: ~/_AppStart.cshtml:

WebSecurity.InitializeDatabaseConnection("myConnectionString", "UserProfile", "UserId", "UserName", autoCreateTables: true);
---------------------------------------

Page Update: ~/Account/Register.cshtml:

Add variable under initialize variables:
var userName = "";

Add setup validation:
Validation.RequireField("userName", "You must specify user name.");

Add in IsPost line:
userName = Request.Form["userName"];

Update line token:
var token = WebSecurity.CreateAccount(userName, password, requireEmailConfirmation);

---------------------------------------

Page Update: ~/Account/Login.cshtml:

Follow similar steps of Register page, add variable under initialize variables, add setup validation, capture form request under Validation.IsValid() method and then the following two if logic update from email to username.

First:
if (WebSecurity.UserExists(username) && WebSecurity.GetPasswordFailuresSinceLastSuccess(username) > 4 && WebSecurity.GetLastPasswordFailureDate(username).AddSeconds(60) > DateTime.UtcNow)

Second:
if (WebSecurity.Login(username, password, rememberMe))
---------------------------------------

These steps should allow you to change from email to username. Please note these are just partial details, I hope you can gain the insights on application wide updates needed to implement the complete transition from email to username login.

Additionally: If you like to run a classic asp application, in the same web folder, than make sure to set the folder in the IIS, as virtual folder, that way you can run this .Net 4.0 application, in the same domain of the classic asp application, which may be running on the application pool that utilizes the .Net 2.0 framework.

Note:
These steps are not to be applied on production. Also, previously created users may not be able to login, after the switch, as the password salt or hash may have used the email or vice versa username as part of an encryption key.