Building a custom authentication service in AJAX

Published Wed, Mar 7 2007 9:17

As we all know, it's possible to reuse the ASP.NET authentication services and perform the authentication of the credentials of a user from the client side by using the Sys.Service._AuthenticationService class (a global object is inserted in all AJAX pages - Sys.Service.AuthenticationService - which you can use to login or logout a user). By default, this client class makes a specific web service call which AJAX knows how to handle in the server side (btw, the internal AuthenticationService class is responsible for performing these operations).

If you're curious, you've already checked the code of that class and you know that it leverages the membership provider pattern introduced by ASP.NET 2.0 - ie, it uses the Membership class to perform the authentication of a user). If you need to customize how the user validation is done, you may be thinking that building your own membership provider is your only chance. Though this works, it may be overkill if you've got a simple scenario and don't want to create a new membership provider. In these cases, you can build your own web service which performs the validation of the user's credentials. You only need to garantee that the service exposes two methods (Login and Logout) which receive the correct number and type of parameters. Here's a very simple example of how you can build such a service:

[WebService(Namespace = http://tempuri.org/)]
[WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)]
[System.Web.Script.Services.ScriptService]
public class CustomLogin : System.Web.Services.WebService {
   [WebMethod]
   public bool Login(string userName, string password, bool createPersistentCookie ) {
     if (string.CompareOrdinal(userName, "luis") == 0 && string.CompareOrdinal(password, luis123") == 0) {
           FormsAuthentication.SetAuthCookie(userName, createPersistentCookie);
           return true;
      }
      return false;
   }

   [WebMethod]
   public void Logout() {
      FormsAuthentication.SignOut();
    }
}

Building a custom authentication service is really simple: you only need to set the authentication cookie when the credentials of the user are correct and delete that cookie when the user performs a logout operation. After doing that, you must change the default path to the service by setting the Path property of the AuthenticationServiceManager class:

<asp:ScriptManager runat="server" id="manager">
   <Scripts>
       <AuthenticationService Path="web_service_path" />
   </Scripts>
</asp:ScriptManager>

If you're only using client code, you must use the path property of the global AuthenticationService object like this:

Sys.Services.AuthenticationService.set_path( "web service path goes here" );

by luisabreu

Filed under: MS AJAX

Comments

# Cat Chen said on Friday, March 16, 2007 7:08 AM

新一期的RandomClippings又来了，这次介绍的两篇文章都很容易读，单词不会太难，语法也简单。在AJAX中制作自定义验证服务(Buildingacustomauthenticati...

# Kris - TECH said on Friday, March 16, 2007 8:24 AM

新一期的 Random Clippings 又来了，这次介绍的两篇文章都很容易读，单词不会太难，语法也简单。在AJAX中制作自定义验证服务 ( Building a custom authentication

# cnblogs.com said on Friday, March 16, 2007 8:29 AM

新一期的 Random Clippings 又来了，这次介绍的两篇文章都很容易读，单词不会太难，语法也简单。在AJAX中制作自定义验证服务 ( Building a custom authentication

# Dimitris said on Saturday, December 29, 2007 3:32 PM

Hi. Thanks for the post. But unfortunately I cannot make this code work. I can see that the SetAuthCookie method does set the cookie but afterwards no access is allows to the secure items. I mean, the forms authentication ignores the cookie set... or misses something else... I don't know... Even after successful authentication I am stuck to the login page no matter what I do. Any ideas ?

# ASP.NET AJAX Forum Posts said on Monday, September 22, 2008 7:57 AM