A nice facility of ASP.Net AJAX is that it lets you write a lot of functionality into the client, where before you had to write it all on the server. One perfect example of this is authentication/authorization, which is now accessible from client script code through the AuthenticationService class.
I will lay out the basics of writing your own authentication service (overriding the default one of ASP.Net AJAX, which uses SQL Server, by the way). Many people will more than likely end up using their own implementation at some point anyway, since not everyone has the benefit of creating a system from the ground up.
First, enable the Authentication in your ASP.Net AJAX application by adding this to your web.config file:
<system.web.extensions>
    <scripting>
        <webServices>
            <authenticationService enabled="true" />
        </webServices>
    </scripting>
</system.web.extensions>
Second, enable FormsAuthentication in your web application (if it's not already), by adding this to your web.config file:
<system.web>
    <authentication mode="Forms">
        <forms cookieless="UseCookies"
               loginUrl="~/login.aspx"/>
    </authentication>
</system.web>
Third, you must specify a web service which the client code can asynchronously interact with to verify your login/logout actions. You do this by right-clicking on the ScriptManager for your particular page and setting the AuthenticationService property to the URI of the service.

Fourth, you write your web service. Your web service must contractually have two methods with the following signatures:
[WebMethod]
public bool Login(string userName,
    string password, bool createPersistentCookie)
{
    //Place code here.
    return true;
}

[WebMethod]
public void Logout()
{
    //Place code here.
}
NOTE: You MUST decorate your WebService class with the [ScriptService] attribute (<ScriptService()> in VB.Net) or else you will get back a funky error from the script runtime. The error I got was "The server method 'Login' failed". I also got the error code 12031 when this occurred.
Fifth, you add your script code to the aspx file to handle the authentication calls. The script code interacts with the AuthenticationService class in script and registers for callbacks that notify you about login/logout status.
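<script language="javascript" type="text/javascript">
    function Button1_onclick() {
        // Register the default callbacks before calling login.
        Sys.Services.AuthenticationService.set_defaultLoginCompletedCallback(
            OnLoginCompleted);
        Sys.Services.AuthenticationService.set_defaultFailedCallback(
            OnFailed);
        Sys.Services.AuthenticationService.set_defaultLogoutCompletedCallback(
            OnLogoutCompleted);
        // Arguments: userName, password, isPersistent, customInfo, redirectUrl,
        // loginCompletedCallback, failedCallback, userContext.
        Sys.Services.AuthenticationService.login("test",
            "test", false, null, null, null, null, "User Context");
        return;
    }
    function OnLoginCompleted(validCredentials,
        userContext, methodName)
    {
        // validCredentials is the bool returned by the Login web method;
        // this callback also fires when the credentials were rejected.
        if (validCredentials) {
            alert("You're logged in");
        } else {
            alert("Invalid user name or password");
        }
        return;
    }
    function OnFailed(error,
        userContext, methodName)
    {
        // Called when the service call itself fails (for example, a server error).
        alert("Failed to log in " + error.get_message() + ". " + error.get_statusCode());
        return;
    }
    function OnLogoutCompleted(result)
    {
        alert("You've logged out");
        return;
    }
</script>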
When you run the page, the script calls your service method and hands whatever result it got from the service back to the client framework. You will need to flesh out the methods in your service to actually leverage the FormsAuthentication framework, etc. A typical situation would be like this:
[WebMethod]
public bool Login(string userName, string password, bool createPersistentCookie)
{
    if (Membership.Provider.ValidateUser(userName, password))
    {
        FormsAuthentication.SetAuthCookie(userName, createPersistentCookie);
        return true;
    }
    return false;
}

[WebMethod]
public void Logout()
{
    FormsAuthentication.SignOut();
}
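Because the login call above sends the user name and password from client script to the service, the transport and cookie settings in web.config deserve attention. The following is an added example, not part of the original post: the two web.config sections from steps one and two with hardened settings. The timeout value is an assumption to adjust for your application.

```xml
<configuration>
  <system.web>
    <authentication mode="Forms">
      <!-- Before (as in the post):
           <forms cookieless="UseCookies" loginUrl="~/login.aspx"/> -->
      <!-- requireSSL:        the ticket cookie gets the Secure flag, and
                              FormsAuthentication.SetAuthCookie throws when
                              called over plain HTTP, so a custom Login method
                              cannot issue a ticket on an unencrypted request.
           protection:        All = ticket is both encrypted and validated.
           timeout:           ticket lifetime in minutes (assumed value).
           slidingExpiration: false gives an absolute lifetime, so a stolen
                              cookie cannot be kept alive by repeated use. -->
      <forms cookieless="UseCookies"
             loginUrl="~/login.aspx"
             requireSSL="true"
             protection="All"
             timeout="20"
             slidingExpiration="false" />
    </authentication>
    <!-- Keep the application's other cookies away from script and off plain HTTP. -->
    <httpCookies httpOnlyCookies="true" requireSSL="true" />
  </system.web>
  <system.web.extensions>
    <scripting>
      <webServices>
        <!-- requireSSL here governs the built-in authentication service
             endpoint; a custom service relies on the forms setting above. -->
        <authenticationService enabled="true" requireSSL="true" />
      </webServices>
    </scripting>
  </system.web.extensions>
</configuration>
```

With these settings the page that hosts the login script must itself be served over HTTPS, otherwise the Login call fails on the server when it tries to set the cookie.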