Adding SampleWebsite

SampleWebsite/About.cshtml

@@ -0,0 +1,60 @@
+@{
+    Layout = "~/_SiteLayout.cshtml";
+    Page.Title = "About";
+}
+
+<hgroup class="title">
+    <h1>@Page.Title.</h1>
+    <h2>Your quintessential app description page.</h2>
+</hgroup>
+
+<article>
+    <p>
+        Lorem ipsum dolor sit amet, consectetur adipiscing elit. Proin luctus tincidunt justo nec tempor. 
+        Aliquam erat volutpat. Fusce facilisis ullamcorper consequat. Vestibulum non sapien lectus. Nam 
+        mi augue, posuere at tempus vel, dignissim vitae nulla. Nullam at quam eu sapien mattis ultrices. 
+        Quisque quis leo mi, at lobortis dolor. Nullam scelerisque facilisis placerat. Fusce a augue 
+        erat, malesuada euismod dui. Duis iaculis risus id felis volutpat elementum. Fusce blandit iaculis 
+        quam a cursus. Cras varius tincidunt cursus. Morbi justo eros, adipiscing ac placerat sed, posuere 
+        et mi. Suspendisse vulputate viverra aliquet. Duis non enim a nibh consequat mollis ac tempor 
+        lorem. Phasellus elit leo, semper eu luctus et, suscipit at lacus. In hac habitasse platea 
+        dictumst. Duis dignissim justo sit amet nulla pulvinar sodales.
+    </p>
+
+    <p>
+        Lorem ipsum dolor sit amet, consectetur adipiscing elit. Proin luctus tincidunt justo nec tempor. 
+        Aliquam erat volutpat. Fusce facilisis ullamcorper consequat. Vestibulum non sapien lectus. Nam 
+        mi augue, posuere at tempus vel, dignissim vitae nulla. Nullam at quam eu sapien mattis ultrices. 
+        Quisque quis leo mi, at lobortis dolor. Nullam scelerisque facilisis placerat. Fusce a augue 
+        erat, malesuada euismod dui. Duis iaculis risus id felis volutpat elementum. Fusce blandit iaculis 
+        quam a cursus. Cras varius tincidunt cursus. Morbi justo eros, adipiscing ac placerat sed, posuere 
+        et mi. Suspendisse vulputate viverra aliquet. Duis non enim a nibh consequat mollis ac tempor 
+        lorem. Phasellus elit leo, semper eu luctus et, suscipit at lacus. In hac habitasse platea 
+        dictumst. Duis dignissim justo sit amet nulla pulvinar sodales.
+    </p>
+
+    <p>
+        Lorem ipsum dolor sit amet, consectetur adipiscing elit. Proin luctus tincidunt justo nec tempor. 
+        Aliquam erat volutpat. Fusce facilisis ullamcorper consequat. Vestibulum non sapien lectus. Nam 
+        mi augue, posuere at tempus vel, dignissim vitae nulla. Nullam at quam eu sapien mattis ultrices. 
+        Quisque quis leo mi, at lobortis dolor. Nullam scelerisque facilisis placerat. Fusce a augue 
+        erat, malesuada euismod dui. Duis iaculis risus id felis volutpat elementum. Fusce blandit iaculis 
+        quam a cursus. Cras varius tincidunt cursus. Morbi justo eros, adipiscing ac placerat sed, posuere 
+        et mi. Suspendisse vulputate viverra aliquet. Duis non enim a nibh consequat mollis ac tempor 
+        lorem. Phasellus elit leo, semper eu luctus et, suscipit at lacus. In hac habitasse platea 
+        dictumst. Duis dignissim justo sit amet nulla pulvinar sodales.
+    </p>
+</article>
+
+<aside>
+    <h3>Aside Title</h3>
+    <p>
+        Fusce facilisis ullamcorper consequat. Vestibulum non sapien lectus. Nam 
+        mi augue, posuere at tempus vel, dignissim vitae nulla.
+    </p>
+    <ul>
+        <li><a href="~/">Home</a></li>
+        <li><a href="~/About">About</a></li>
+        <li><a href="~/Contact">Contact</a></li>
+    </ul>
+</aside>

SampleWebsite/Account/AccountLockedOut.cshtml

@@ -0,0 +1,14 @@
+@{
+    Layout = "~/_SiteLayout.cshtml";
+    Page.Title = "Account Locked";
+}
+
+<hgroup class="title">
+    <h1 class="error">@Page.Title.</h1>
+    <h2 class="error">Your account was locked out due to too many invalid log in attempts.</h2>
+</hgroup>
+
+<p>
+    Don't worry, the account will automatically be unlocked in 60 seconds. 
+    Please try again after that time has passed.
+</p>

SampleWebsite/Account/AssociateServiceAccount.cshtml

@@ -0,0 +1,54 @@
+@{
+    Layout = "~/_SiteLayout.cshtml";
+    Page.Title = "Associate your account with OAuth & OpenID providers";
+
+    WebSecurity.RequireAuthenticatedUser();
+
+    bool isSuccessful = false;
+    bool associationFailed = false;
+    string provider = null;
+
+    if (IsPost) {
+        provider = Request.Form["provider"];
+        if (!provider.IsEmpty()) {
+            OAuthWebSecurity.RequestAuthentication(provider);
+            return;
+        }
+    } else {
+        var result = OAuthWebSecurity.VerifyAuthentication();
+        if (result.IsSuccessful) {
+            string username = WebSecurity.CurrentUserName;
+            OAuthWebSecurity.CreateOrUpdateAccount(result.Provider, result.ProviderUserId, username);
+            isSuccessful = true;
+            provider = result.Provider;
+        }
+        else if (!result.Provider.IsEmpty()) {
+            associationFailed = true;
+            provider = result.Provider;
+        }
+    }
+}
+
+<hgroup class="title">
+    <h1>@Page.Title.</h1>
+    <h2>Choose a service to use to log in.</h2>
+</hgroup>
+
+@if (isSuccessful) {
+    <p class="message-success">You have successfully associated this account with @provider.</p>
+} else {
+    if (associationFailed) {
+        <p class="message-error">An error occurred while associating this account with @provider.</p>
+    }
+    <section class="social">
+        <form method="post">
+            <h2>Use another service to log in.</h2>
+            <fieldset>
+                <legend>Log in using another service</legend>
+                <input type="submit" name="provider" id="facebook" value="Facebook" title="Log in using your Facebook account." />
+                <input type="submit" name="provider" id="twitter" value="Twitter" title="Log in using your Twitter account." />
+                <input type="submit" name="provider" id="windowsLive" value="Windows Live" title="Log in using your Windows Live account." />
+            </fieldset>
+        </form>
+    </section>
+}

SampleWebsite/Account/ChangePassword.cshtml

@@ -0,0 +1,91 @@
+@using WebMatrix.WebData
+
+@{
+    WebSecurity.RequireAuthenticatedUser();
+
+    Layout = "~/_SiteLayout.cshtml";
+    Page.Title = "Change Password";
+
+    bool isSuccess = false;
+    var currentPassword = Request["currentPassword"];
+    var newPassword = Request["newPassword"];
+    var confirmPassword = Request["confirmPassword"];
+
+    // Add Validation scripts
+    Assets.AddScript("~/Scripts/jquery.validate.min.js");
+    Assets.AddScript("~/Scripts/jquery.validate.unobtrusive.min.js");
+
+    // Setup validation
+    Validation.RequireField("currentPassword", "The current password field is required.");
+    Validation.RequireField("newPassword", "The new password field is required.");
+    Validation.Add("confirmPassword",
+        Validator.Required("The confirm new password field is required."),
+        Validator.EqualsTo("newPassword", "The new password and confirmation password do not match."));
+
+    if (IsPost) {
+        if (Validation.IsValid()) {
+            if (WebSecurity.ChangePassword(WebSecurity.CurrentUserName, currentPassword, newPassword)) {
+                isSuccess = true;
+            } else {
+                ModelState.AddFormError("An error occurred when attempting to change the password. Please contact the site owner.");
+            }
+        } else {
+            ModelState.AddFormError("Password change was unsuccessful. Please correct the errors and try again.");
+        }
+    }
+}
+
+@if (!OAuthWebSecurity.IsAuthenticatedViaOAuth) {
+    <hgroup class="title">
+        <h1>@Page.Title.</h1>
+        <h2>Use the form below to change your password.</h2>
+    </hgroup>
+
+    if (isSuccess) {
+        <p class="message-success">
+            Your password has been updated!
+        </p>
+    }
+
+    <form method="post">
+        @Html.ValidationSummary(excludeFieldErrors: true)
+
+        <fieldset>
+            <legend>Change Password Form</legend>
+            <ol>
+                <li class="current-password">
+                    <label for="currentPassword" @if (!ModelState.IsValidField("currentPassword")) {<text>class="error-label"</text>}>Current password</label>
+                    <input type="password" id="currentPassword" name="currentPassword" @Validation.For("currentPassword")/>
+                    @Html.ValidationMessage("currentPassword")
+                </li>
+                <li class="new-password">
+                    <label for="newPassword" @if (!ModelState.IsValidField("newPassword")) {<text>class="error-label"</text>}>New password</label>
+                    <input type="password" id="newPassword" name="newPassword" @Validation.For("newPassword")/>
+                    @Html.ValidationMessage("newPassword")
+                </li>
+                <li class="confirm-password">
+                    <label for="confirmPassword" @if (!ModelState.IsValidField("confirmPassword")) {<text>class="error-label"</text>}>Confirm password</label>
+                    <input type="password" id="confirmPassword" name="confirmPassword" @Validation.For("confirmPassword")/>
+                    @Html.ValidationMessage("confirmPassword")
+                </li>
+            </ol>
+            <input type="submit" value="Change password" />
+            <p>
+                Click <a href="~/Account/ForgotPassword" title="Forgot password page">here</a> if you've forgotten your password.
+            </p>
+        </fieldset>
+    </form>
+}
+
+<div class="message-info">
+    <p>
+        To let users of this site log in using their accounts from other sites such as Facebook, Twitter, 
+        and Windows Live, you must update this site. For more information <a href="http://go.microsoft.com/fwlink/?LinkID=226949">click here</a>.
+    </p>
+</div>
+@*<p>
+    Click <a href="~/Account/AssociateServiceAccount" title="Associate OAuth Account">here</a> to associate this account with an third party service log in.
+</p>
+<p>
+    Click <a href="~/Account/DisassociateServiceAccount" title="Disassociate OAuth Account">here</a> to disassociate this account from an third party service log in.
+</p>*@

SampleWebsite/Account/Confirm.cshtml

@@ -0,0 +1,38 @@
+@{
+    Layout = "~/_SiteLayout.cshtml";
+    Page.Title = "Registration Confirmation Page";
+
+    string message = "";
+    var confirmationToken = Request["confirmationCode"];
+
+    WebSecurity.Logout();
+    if (!confirmationToken.IsEmpty()) {
+        if (WebSecurity.ConfirmAccount(confirmationToken)) {
+            message = "Registration Confirmed! Click on the log in tab to log in to the site.";
+        } else {
+            message = "Could not confirm your registration info.";
+        }
+    }
+}
+
+<hgroup class="title">
+    <h1>@Page.Title.</h1>
+    <h2>Use the form below to confirm your account.</h2>
+</hgroup>
+
+@if (!message.IsEmpty()) {
+    <p>@message</p>
+} else {
+    <form method="post">
+        <fieldset>
+            <legend>Confirmation Code</legend>
+            <ol>
+                <li>
+                    <label for="confirmationCode">Confirmation code</label>
+                    <input type="text" id="confirmationCode" name="confirmationCode" />
+                </li>
+            </ol>
+            <input type="submit" value="Confirm" />
+        </fieldset>
+    </form>
+}

SampleWebsite/Account/DisassociateServiceAccount.cshtml

@@ -0,0 +1,37 @@
+@{
+    Layout = "~/_SiteLayout.cshtml";
+    Page.Title = "Disassociate OAuth accounts";
+
+    WebSecurity.RequireAuthenticatedUser();
+    ICollection<OAuthAccountData> accounts = null;
+
+    if (IsPost) {
+        string provider = Request.Form["provider"];
+        string providerUserId = Request.Form["providerUserId"];
+        OAuthWebSecurity.DeleteAccount(provider, providerUserId);
+    }
+
+    string username = WebSecurity.CurrentUserName;
+    accounts = OAuthWebSecurity.GetAccountsForUser(username);
+}
+
+<hgroup class="title">
+    <h1>@Page.Title.</h1>
+    <h2>Choose a service to disassociate with this account.</h2>
+</hgroup>
+
+@if (accounts != null && accounts.Count > 0) {
+    <fieldset>
+        <legend>Choose a service to disassociate with this account</legend>
+        @foreach (var service in accounts) {
+            <form method="post">
+                <input type="hidden" name="providerUserId" value="@service.ProviderUserId" />
+                <input type="submit" name="provider" id="@service.Provider" value="@service.Provider" title="Disassociate @(service.Provider + " - " + service.ProviderUserId) from this account." />
+            </form>
+        }
+    </fieldset>
+} else {
+    <div class="message-info">
+        <p>This account is not associated with any additional services.</p>
+    </div>
+}

SampleWebsite/Account/ForgotPassword.cshtml

@@ -0,0 +1,81 @@
+@{
+    Layout = "~/_SiteLayout.cshtml";
+    Page.Title = "Forget Your Password";
+
+    bool passwordSent = false;
+    var disabledAttribute = "";
+    var resetToken = "";
+    var email = Request.Form["email"] ?? Request.QueryString["email"];
+
+    // Add Validation scripts
+    Assets.AddScript("~/Scripts/jquery.validate.min.js");
+    Assets.AddScript("~/Scripts/jquery.validate.unobtrusive.min.js");
+
+    // Setup validation
+    Validation.RequireField("email", "The email address field is required.");
+
+    if (IsPost) {
+        // validate email
+        bool isValid = true;
+        if (Validation.IsValid()) {
+            if (WebSecurity.GetUserId(email) > -1 && WebSecurity.IsConfirmed(email)) {
+                resetToken = WebSecurity.GeneratePasswordResetToken(email); // Optionally specify an expiration date for the token
+            } else {
+                passwordSent = true; // We don't want to disclose that the user does not exist.
+                isValid = false;
+            }
+        }
+        if (isValid) {
+            var hostUrl = Request.Url.GetComponents(UriComponents.SchemeAndServer, UriFormat.Unescaped);
+            var resetUrl = hostUrl + VirtualPathUtility.ToAbsolute("~/Account/PasswordReset?resetToken=" + HttpUtility.UrlEncode(resetToken));
+            WebMail.Send(
+                to: email,
+                subject: "Please reset your password", 
+                body: "Use this password reset token to reset your password. The token is: " + resetToken + @". Visit <a href=""" + resetUrl + @""">" + resetUrl + "</a> to reset your password."
+            );
+            passwordSent = true;
+            disabledAttribute = @"disabled=""disabled""";
+        }
+    }
+}
+
+<hgroup class="title">
+    <h1>@Page.Title.</h1>
+    <h2>Use the form below to reset your password.</h2>
+</hgroup>
+
+@if (!WebMail.SmtpServer.IsEmpty()) {
+    <p>
+        We will send password reset instructions to the email address associated with your account.
+    </p>
+
+    if (passwordSent) {
+        <p class="message-success">
+            Instructions to reset your password have been sent to the specified email address.
+        </p>
+    }
+
+    <form method="post">
+        @Html.ValidationSummary(excludeFieldErrors: true)
+
+        <fieldset>
+            <legend>Password Reset Instructions Form</legend>
+            <ol>
+                <li class="email">
+                    <label for="email" @if (!ModelState.IsValidField("email")) {<text>class="error-label"</text>}>Email address</label>
+                    <input type="text" id="email" name="email" value="@email" @disabledAttribute @Validation.For("email") />
+                    @Html.ValidationMessage("email")
+                </li>
+            </ol>
+            <p class="form-actions">
+                <input type="submit" value="Send instructions" @disabledAttribute/>
+            </p>
+        </fieldset>
+    </form>
+} else {
+   <p class="message-info">
+       Password recovery is disabled for this website because the SMTP server is 
+       not configured correctly. Please contact the owner of this site to reset 
+       your password.
+   </p>
+}