Client Application Services - Part 1
Published: 11 Mar 2008
In this first part of the three part series, Bilal Haidar introduces Client Application Services (CLAS) that shipped with Visual Studio 2008 and .NET 3.5. These services allow Windows Forms and Windows Presentation Foundation applications to access ASP.NET 2.0 AJAX 1.0 Extensions Application Services. He begins with a brief introduction followed by a detailed discussion of ASP.NET 2.0, AJAX Extensions 1.0, and Client Application Services. He concludes the article by providing a list of classes used for CLAS.
by Bilal Haidar
Average Rating: This article has not yet been rated.
Views (Total / Last 10 Days): 55984/ 73


ASP.NET 2.0 introduced the Application Services which are a set of services used to manage user security from authenticating users, creation of new users, retrieving user passwords, getting user roles, to loading and saving per-user profile data from and into a database. These services to function properly are configured through XML entries in the Web.config configuration file.

The above services, as you can see, work only with web applications. But the problems appear when you have multiple applications, including Web and Windows client applications, with a shared database and all of those applications need a way to authenticate and authorize users in addition to processing a user’s profile and this could not be done before Visual Studio 2008 and .NET 3.5.

With the release of Visual Studio 2008 and .NET 3.5, Client Application Services have been introduced to the Windows Forms and Windows Presentation Foundation applications. Basically, Client Application Services make use of the ASP.NET AJAX Application Services to allow a Desktop application to interact with the Membership, Role, and Profile providers.

ASP.NET 2.0 Application Services

ASP.NET 2.0 shipped with Membership, Role, and Profile providers that make a developer's life easier when it comes to working with user management including authenticating and authorizing users, creating new accounts, retrieving a user's password, storing and loading a user’s profile. All of these functionalities have been added to facilitate the most common tasks a developer faces in every application that requires such a kind of user and security management.

These services are always configured for a web application since they are defined in the Machine.config configuration file. By default, these providers are set to work with a SQL Server 2005 Express edition and can be easily configured through the Web.config configuration file of a specific web application. Here is the default configuration in the Machine.config file.

Listing 1

<add name="AspNetSqlMembershipProvider" 
type="System.Web.Security.SqlMembershipProvider, System.Web, Version=, 
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" 
connectionStringName="LocalSqlServer" enablePasswordRetrieval="false" 
enablePasswordReset="true" requiresQuestionAndAnswer="true" applicationName="/" 
requiresUniqueEmail="false" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" 
minRequiredPasswordLength="7" minRequiredNonalphanumericCharacters="1" 
passwordAttemptWindow="10" passwordStrengthRegularExpression=""/>
<add name="AspNetSqlProfileProvider" connectionStringName="LocalSqlServer" 
applicationName="/" type="System.Web.Profile.SqlProfileProvider, System.Web, 
Version=, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
<add name="AspNetSqlRoleProvider" connectionStringName="LocalSqlServer" 
applicationName="/" type="System.Web.Security.SqlRoleProvider, System.Web, 
Version=, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
<add name="AspNetWindowsTokenRoleProvider" applicationName="/" 
type="System.Web.Security.WindowsTokenRoleProvider, System.Web, Version=, 
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>

Off course, you can use your own providers for any of the above services and this requires you to add those custom providers through the Web.config configuration file. As you can see, there are mainly three types of services. The first is Membership service which allows you to authenticate users, create new users, retrieve users, change user’s passwords and many more functionalities. The second is the Profile service which allows you to store user-specific information just like session variables in ASP.NET, but is much more powerful because it automatically saves the data into the database at the end of every request and loads back the data at the beginning of every request. For a full discussion on Profile service, check the following series.

An Extended Look at the Profile Object - Part 1

An Extended Look at the Profile Object - Part 2

An Extended Look at the Profile Object - Part 3

The third and final service is the Role management service. This service allows you to manage user’s roles by creating new roles, adding users to roles, retrieving user’s roles and other functionalities.

ASP.NET 2.0 AJAX Extensions 1.0 Application Services

AJAX Extensions 1.0 shipped with built-in client-side Application Services. This means that with AJAX 1.0 Extensions you can authenticate users, process user roles, and load and save user’s profile without the need to postback to the server.

To be able to allow the client-side code to interact with the Application Services, you need to configure them in the Web.config configuration file as follows.

Listing 2

        <authenticationService enabled="true" requireSSL = "false"/>
        <profileService enabled="true"
          writeAccessP-roperties="UserName" />
        <roleService enabled="true"/>

The above enables the Authentication, Profile, and Role services so that the AJAX engine creates client-side proxies so that the client-side JavaScript can interact with the Application Services on the server in an asynchronous way.

Every client-side proxy for the above services is configured with HttpHandler to know where to post the asynchronous request on the server. For instance, the Authentication Service is configured with the Authentication_JSON_AppService.axd HttpHandler. When a request accesses the aforementioned HttpHandler, the handler checks what Membership provider is configured in the web application on the server and accordingly it redirects the request to that configured provider. For instance, a call to Login method on the HttpHandler would be redirected to the Login method implementation of the configured Membership provider in the Web.config configuration file of the application

You can also configure the application services to interact with your Web services instead of using the built-in HttpHandlers. This can be very easy and a matter of setting the path of the Web services that will do the authentication operations to the Path property of the AuthenticationService class located inside the ScriptManager instance. Here is an example of how to do so.

Listing 3

<asp:ScriptManager ID="ScriptManager1" runat="server">
<AuthenticationService Path="~/AuthenticationService.asmx" />

After all, whether the client-side proxy is accessing a Web service, which is nothing but a compiled class on the server, or the HttpHandler which instantiates an instance of the configure MembershipProvider, the same functionality is present.

Client Application Services

If you have been following from the beginning of this article, you should have noticed how the concept of Application Services has evolved. First of all, the Application Services were added to ASP.NET 2.0, and after that AJAX developers were also able to access those Application Services from the client-side. What are left are the Windows Forms and Windows Presentation Foundation applications to access those Application Services and this enables having a single database containing the entire user’s information and shared by several application types including Web-AJAX and Windows applications.

What can be understood is that Client Application Services or CLAS, introduced with Visual Studio 2008 and .NET 3.5, is a way to allow a Windows Forms or WPF application to access the Application Services using the ASP.NET 2.0 AJAX 1.0 Extensions Application Services.

Usually, you would have a web application that is configured with ASP.NET 2.0 Application Services and ASP.NET 2.0 AJAX 1.0 Extensions Application Services and you need to use those application services in a new Windows Forms application.

CLAS mainly gives the windows application the power of:

Authenticating and authorizing users: By configuring the windows application to use the authentication service, the application can then authenticate and authorize users against a database just as a Web or AJAX application can do.

Operating in an Offline-mode: What makes CLAS even more powerful is that you can configure the application to cache all the processed information while the application is in live connection to the database and once the connection is off, the application can still operate in an offline mode by retrieving information from the cached data. Usually, SQL Server Compact Edition 3.5 database is used locally to store the information.

Visual Studio 2008 adds a new Tab to the project properties page called Services and is shown in Figure 1.

Figure 1: Windows Forms Services Tab

This is a new Tab that has been added to allow you to configure CLAS for your application. We will come to the above Tab later when we go in depth into how to configure CLAS for an application.

CLAS is a collection of application services and is built on top of several client application providers. For each of the services there is a provider that can be configured through the app.config configuration file.

When you configure the application using the Services Tab, automatically the configuration settings are added to the app.config file. Here is a sample configuration setting.

Listing 4

<membership defaultProvider="ClientAuthenticationMembershipProvider">
<add name="ClientAuthenticationMembershipProvider"         
System.Web.Extensions, Version=, Culture=neutral, 
credentialsProvider="ClientAppServicesDemo.Login, ClientAppServicesDemo" />

The above membership provider’s configuration section is so close to the one we saw earlier when configuring the Membership provider in an ASP.NET application. In the coming sections we will delve into more details about the providers and classes that ship with the CLAS.

CLAS Classes

CLAS comes with several new classes that constitute the core functionality. We will list those classes and give a brief description of the use and importance of each one of them.

ClientFormsIdentity: When the user is about to be authenticated a call to the static Membership.ValidateUser method is issued to validate the credentials of the user. If Windows Authentication is configured in the application then this method always returns true. If however, Forms Authentication is configured, and if the user was successfully authenticated, an instance of the ClientFormsIdentity can be retrieved by casting the System.Threading.Thread.CurrentPrincipal.Identity to an instance of ClientFormsIdentity. Notice though when the application is configured with Windows Authentication, the System.Threading.Thread.CurrentPrincipal.Identity refers to an instance of System.Security.Principal.WindowsIdentity with the AuthenticationType property set to Kerberos. However, when the application is configured with Forms Authentication, an instance of the ClientFormsIdentity can be retrieved as mentioned above and the AuthenticationType property is set to ClientForms.

ClientRolePrincipal: Once the user is authenticated, an instance of the ClientRolePrincipal can be retrieved by casting the System.Threading.Thread.CurrentPrincipal object to an instance of ClientRolePrincipal object. This object provides information about the roles the currently authenticated user belongs to.

ConnectivityStatus: This class contains a single static property called IsOffline which allows you to switch the application from online mode to offline mode and vice versa.

ClientFormsAuthenticationCredentials: This class represents the credentials of a user. When you want to allow the user to enter his/her credentials to be authenticated, usually you would create a Login Windows Form that implements the IClientFormsAuthenticationCredentialsProvider interface. This interface contains a single method called GetCredentials and returns an instance of ClientFormsAuthenticationCredentials object containing the user’s credentials.

ClientFormsAuthenticationMembershipProvider: This class manages access to the remote authentication service for forms authentication. It extends the MembershipProvider and adds the Logout method and UserValidated event. Typically, when Forms Authentication is configured for the application, you can retrieve an instance of this class by casting the Membership.Provider property to an instance of ClientFormsAuthenticationMembershipProvider object.

ClientWindowsAuthenticationMembershipProvider: This class manages Windows Authentication. It extends Membership.Provider and adds a single method Logout. When the user is logged out, he or she will continue to be authenticated by Windows but unable to access the remote authentication services.

ClientRoleProvider: This class manages the access to the remote roles service. If your applications require accessing roles information for users, you can simply configure the Roles service the same as you configure Authentication service. As the other providers, the ClientRoleProvider contains the ServiceUri property that points to the address of the remote Role service. When a user is authenticated, you can retrieve an instance of the ClientRolePrincipal from the System.Threading.Thread.CurrentPrincipal object. This class contains the IsInRole method that internally calls the ClientRoleProvider.IsUserInRole method. One final note about the ClientRoleProvider, it is a Read-Only provider which means you can only use the ClientRoleProvider to retrieve a user’s roles information.

IClientFormsAuthenticationCredentialsProvider: This interface has been mentioned above when we discussed the ClientFormsAuthenticationCredentials class. This interface shall by implemented by the Windows Forms that will ask the user for credentials, fill up an instance of the ClientFormsAuthenticationCredentials object and send it back to the ValidateUser method whether called directly from the Membership class or from the ClientFormsAuthenticationMembershipProvider. Any class that implements this class shall provide a method called GetCredentials that returns an object of ClientFormsAuthenticationCredentials filled up with the entered user credentials.

At this point, we will be satisfied by only the above classes. In the next parts of this series we will introduce the other remaining classes and illustrate more the ones mentioned above.


Material is still scarce on this topic, but there is a very informative section on the MSDN library that allows you to get an idea on all the details the surrounds Client Application Services. Follow this link to access this information: Client Application Services.


In this article we have revised the application services introduced by ASP.NET 2.0 and how the ASP.NET 2.0 AJAX 1.0 Extensions make use of those application services so that they can be accessed from within the client-side through client-side JavaScript proxies.

After that, we covered the concept of Client Application Services, what they are and why they are needed. In addition, a detailed section on the different classes introduced by Client Application Services was included to give a better idea on those classes.

This article is just an introductory article on the Client Application Services. There will be two other parts, one of them shows you how to configure your application to authenticate and authorize users and another one shows you how to work with Web Settings and Profile objects from inside a Windows application.

I hope you enjoyed this article and benefited from the information presented. If you have any questions or comments please feel free to contact me directly at

Happy Ajaxified Dot Netting!!

User Comments

Title: Mgr Appplication Development   
Name: Jothi
Date: 2008-12-30 11:28:42 AM
Hi Bilal,
I would like to know if the same service can be used for multiple applications
Title: Client Application Services - Part 1   
Name: Safiyullah-India
Date: 2008-04-29 2:49:06 AM
hi bilal... its good

Product Spotlight
Product Spotlight 

Community Advice: ASP | SQL | XML | Regular Expressions | Windows

©Copyright 1998-2021  |  Page Processed at 2021-03-01 5:06:45 AM  AspAlliance Recent Articles RSS Feed
About ASPAlliance | Newsgroups | Advertise | Authors | Email Lists | Feedback | Link To Us | Privacy | Search