Client Application Services - Part 2
page 1 of 10
Published: 14 Mar 2008
In this second part of the series, Bilal Haidar demonstrates how to authenticate and authorize users accessing a Windows Forms application by using Client Application Services introduced with Visual Studio 2008 and .NET 3.5. He starts with a brief description of Web application host and then examines authentication and authorization aspects involved with its creation. Bilal also shows how to test the Visual Studio 2008 application and provides the whole project for download.
by Bilal Haidar
Average Rating: This article has not yet been rated.
Views (Total / Last 10 Days): 43957/ 126


In part one of this series, we have introduced to you the ASP.NET 2.0 application services including Membership, Role, and Profile services. These services can be configured in a matter of few minutes inside the Web.config configuration file and you can start making use of them in your application.

In addition, ASP.NET 2.0 AJAX 1.0 Extensions application services were covered too. These are client-side services that allow applications, from the client-side JavaScript, to contact the application services on the server. What happens is that, when you configure your application to work with application services using JavaScript, client-side proxies will be created on the client side to make it an easy task for the JavaScript code to access the server services.

Moreover, a detailed overview was given on the Client Application Services introduced by Visual Studio 2008 and .NET 3.5 that allows client applications including Windows Forms and Windows Presentation Foundation applications to access the same database used for user management by web and Ajax application. This feature depends on the ASP.NET 2.0 AJAX 1.0 Extensions application services.

In this article we will demonstrate how to create a Web application to host the ASP.NET 2.0 AJAX 1.0 Extensions Application Services, create a Windows Forms application that will enable authentication and authorization and show you how this client application will contact the web host application for the purpose of authenticating users and authorizing them to access specific sections of the resources present in the application.

View Entire Article

User Comments

Title: Continuing last comment   
Name: Krishna Vedula
Date: 2010-04-04 7:22:11 PM
Hello Bilal

Looks like there is a limit on the length of the comment. So, here are my details

Krishna Vedula
Title: How to pass the user context back to server   
Name: Krishna J Vedul
Date: 2010-04-04 7:21:12 PM
Hello Bilal,

Great Series of articles going in depth in to each of the security topics. I found this very helpful. This helped me get a general direction for the project I am working on currently. However, I have come across a road-block in all articles related to Client Application Services across many sites and was not able to get much help in that regard.

What I am trying exactly is to have the same Authentication framework for my Web front-end as well as the Web interface. With Client Application Services, I am able to get that as explained by you clearly. I also get the roles of the user, so I control what to show and what not to show. Great so far.

I am going to the next level, where my Desktop application is connecting back to the same server (that server the authentication as well as web-content) to get some data. Here I have created some facades (aspx) to parse the request data and send the response as XML. I am able to use the same business objects with some custom aspx files for xml transformation. But, I am getting an error in the business layer if I put any security role restrictions.

How do I pass the Thread.CurrentPrincipal.Identity which has all the roles back to through the web request so that the security framework on the server would not throw any execptions.

a) Code I am using to create a request on the client is

HttpWebRequest req = (HttpWebRequest)WebRequest.Create(@"http://localhost:55555/AppServices/GetAdminData.aspx");
req.Method = WebRequestMethods.Http.Post;

b) Security Permissions on the server are like

[PrincipalPermissionAttribute(SecurityAction.Demand, Role="admin")]
public void ProcessRequest()

If I could pass all the cookies that come from user authentication back to server as part of the request, then I woudl get over the problem. But with Membership.ValidateUser I do not get any cookies. Then how do I pass them?

The SaveUserSettings seems to send the user
Title: Good Article   
Name: Adron
Date: 2008-10-20 12:07:25 AM
Good write up. I'm working through multiple scenarios right now with this, so it is interesting to read and helpful.


Community Advice: ASP | SQL | XML | Regular Expressions | Windows

©Copyright 1998-2024  |  Page Processed at 2024-05-18 9:55:13 PM  AspAlliance Recent Articles RSS Feed
About ASPAlliance | Newsgroups | Advertise | Authors | Email Lists | Feedback | Link To Us | Privacy | Search