Overview
The primary function of the ASP.NET framework is web site provisioning. It helps deliver static and dynamic (both client and server side) content over HTTP protocol. But, as ASP.NET has progressed, lots of value-added features that are required by most applications have been added to it.
ASP.NET provides the following ready-to-use features that are required by every access-controlled web site:
- Membership/Authentication Management: User and Credentials management, including validation
- Role Management: To manage authorization
- Profile Properties Management: To manage user-specific settings
The ASP.NET Application Services layer is built-in web services that expose thesee features in various standard formats so that they can be accessed by any application other than ASP.NET web applications.
The following types of clients are supported to access the ASP.NET Application Services Layer:
- SOAP Clients: Any application independent of the underlying operating system and technology can access ASP.NET application services through SOAP 1.1.
- ASP.NET AJAX Clients: ASP.NET AJAX web pages with client script can access ASP.NET application services using the JSON format.
- .NET Framework Windows Clients: Windows applications developed using the .NET framework can access ASP.NET application services using the JSON format over HTTP protocol.
The client and services framework provided by ASP.NET 2.0 AJAX Extensions and .NET 3.5 to configure and develop .NET Framework Windows clients that can use ASP.NET application services is called Client Application Services. Thus, it enables multiple Windows and web applications to share user management functionality (login, role, and profile) from a common server.
Features
The main features of Client Application Service are:
- Provides access to ASP.NET Application Services for Membership/Authentication, Role, and Profile functionality from Windows Forms and Windows Presentation Foundation (WPF) applications.
- Integration with .NET 2.0 Membership, Role, and Profile service classes at the client end. This enables Windows and web clients to continue using the same APIs.
- Client Application Services Classes: Clients also can use classes provided by Client Application Services to contact ASP.NET Application Services.
- Offline support: Stores Login, Role, and Profile data in local cache optionally. This enables the client to work in offline mode when the connection to ASP.NET Application Services is not available.
- Forms and Windows Authentication Membership providers available out of the box. Additional providers can be configured and developed.
- All Client Application Services APIs are synchronous and do not support asynchronous behavior.
Architecture
Figure 1 shows how Client Application Services make the ASP.NET Application Services available to Windows Clients.
Figure 1: High Level Architecture showing Client Application Services
As shown in Figure 1, Windows-based clients have two API choices to access ASP.NET Application Services:
- By accessing the .NET 2.0 Membership, Role ,and Profile functionality APIs which, in turn, access Client Application Service Provider classes to communicate with ASP.NET Application Service using the HTTP/JSON protocol.
- By accessing the Client Application Provider classes directly to implement logout and offline capabilities also.
Figures 2 and 3 show a detailed call flow path of an authentication request:
Figure 2: Request at client end
Figure 3: Request at service end
Walkthrough
Now, you can create a sample ASP.NET application service and use it from a Windows Client using Client Application Services. The following sample uses Authentication request as an example.
Creating and Configuring an ASP.NET Application Service
- Create a new ASP.NET 3.5 Web Service Application using Visual Studio 2008. Name the application, say, ‘ClientAppService’.
- Add the following XML code parallel to the <system.web> tag in the web service’s web.config file.
<system.web.extensions> <scripting> <webServices> <authenticationService enabled="true" requireSSL = "false"/> </webServices> </scripting> </system.web.extensions>
This code will expose the authentication service as a web service.
- Add the following XML code inside the <system.web> tag.
<membership defaultProvider="SampleProvider"> <providers> <add name="SampleProvider" type="ClientAppService.SampleProvider"/> </providers> </membership>
This configures the Membership framework to use the custom ‘SampleProvider’ that will be developed in the next steps. The Membership provider is responsible for managing and validating the credentials.
- Change the authentication mode to ‘Forms’ from the default value of ‘Windows’ because you will use ‘Forms’ authentication from your client code.
- Add a ‘SampleProvider’ class to the Web Service Application. It should inherit from the System.Web.Security.MembershipProvider class.
- Implement the ValidateUser method of the class. For this walkthrough, credentials have been hard coded, but in a real application they should be placeed in some data store.
- Change the Project Properties to run the web service on a fixed port.
Project -> ClientAppService Properties -> Web -> Change the default setting of ‘Auto-assign Port’ to ‘Specific Port’ as shown in Figure 5.
Also, change the virtual path to ‘/ClientAppService’.
Figure 5: Configure Web Service to run on a fixed port
- Build and start the Web Service Application.
Figure 4: Create new ASP.NET Web Service Application
<authentication mode="Forms" />
public class SampleProvider : MembershipProvider
public override bool ValidateUser(string username, string password) { bool flag = false; if (username == "SampleUser" && password == "SamplePassword") flag = true; return flag; }
Creating the Windows Client
- Create the .NET 3.5 client Windows Forms application using Visual Studio 2008 and name it, say, ‘ClientApp’.
- Change the Project Properties so that the application uses Client Application Services to connect to the ASP.NET Application Service created in earlier steps.
Project -> ClientApp Properties -> Services:
- Select ‘Enable client application services’
- Select ‘Use Forms authentication’
- Specify the URL based on port given earlier.
- Add controls to the startup form to accept login credentials and also a button to submit the form, as shown in Figure 8.
- In the ‘Login’ button click event, add the following code to call the Membership API and pass the entered credentials.
- Build and execute the application. Make sure that Web Service created earlier is running.
- To test, provide wrong credentials. You will get the output shown in Figure 9.
- Provide correct credentials this time, and the output will be as in Figure 10:
Figure 6: Creating a new Windows Forms Application
Figure 7: Enable Client Application Service
Figure 8: Client Login Form
if (!Membership.ValidateUser(textUserName.Text, textPassword.Text)) { MessageBox.Show("Incorrect Username or Password", "Pls try again", MessageBoxButtons.OK, MessageBoxIcon.Error); Application.Exit(); } else { MessageBox.Show("Login Successful","Welcome", MessageBoxButtons.OK, MessageBoxIcon.Information); Application.Exit(); }
Figure 9: Output on wrong credentials
Figure 10: Output on correct credentials
Conclusion
Client Application Services simplifies the access to ASP.NET Application Services and thus helps in managing the user information, authentication, and authorization at a common place for both web and Windows Applications.
Other important things that can be tried out using Client Application Services are:
- Accessing directly from Client Application Services classes
- Configuring offline support
- Implementing logout functionality
About the Author
Vikas Goyal is a Microsoft MVP Solutions Architect with several years of industry experience. He is mainly involved in designing products/solutions for Financial Industry. He can be contacted via his web site, http://www.VikasGoyal.net; or his blog, http://dotnetwithme.blogspot.com.