Client Application Services - Part 2: ASP Alliance

Print Add To Favorites Email To Friend Rate This Article
Client Application Services - Part 2

page 2 of 10

by Bilal Haidar
Feedback

Average Rating: This article has not yet been rated.
Views (Total / Last 10 Days): 44083/ 86

Article Contents:

Web application host

In order to allow a client application to access the ASP.NET application services, there is a need to create an ASP.NET web application that will function as a host to access the Membership, Role, and Profile services.

The client application will then reference that host application to enable remote access to the services needed.

To start with, we will develop the ASP.NET application and enable only the Membership and Role services for this article.

First of all, create a new ASP.NET website called ASP.NETApplicationServices. The Membership service is enabled automatically and it is configured by default to work with a database located in a SQL Server 2005 Express edition. To change this configuration and allow the Membership service to interact with another database of your own, simply add the following in the web.config configuration file.

Listing 1

<connectionStrings>
<remove name="LocalSqlServer"/>
<add connectionString="Data Source=.\SQL2005;Initial 
Catalog=ClientApplicationServices;Integrated Security=True" name="LocalSqlServer"
providerName="System.Data.SqlClient"/>
</connectionStrings>

The default connection string used is named LocalSqlServer, so by removing it first and then adding it with different connection string properties, allows the configured Membership provider to interact with the database specified.

One addition step is left which is to install the ASP.NET 2.0 Application Services database. This will not be explained in this article, but this blog post shows in details how to do so: Install Application Services Database on Microsoft SQL Server 2000/2005.

What we need is to enable Role management for this application. This can be easily done by adding this configuration section to the web.config configuration file.

Listing 2

<roleManager enabled="true" />

Now that the application is configured for Membership and Role management services, a final step is required to give this website a fixed port number since it is using the Visual Studio 2008 internal web server. This is very important in case you are developing the host application as a website which means every time you run this website, VS 2008 will generate a new port number and assign it to the website and this breaks down the connection between the client application and this host application. To remedy the situation, a fixed port number is necessary so that every time VS 2008 runs this website, it will use the same port number. This can be done by accessing the properties page of the website and clicking on the Web tab. If you look under the Servers section, you can find a radio button called Specific port. There you can set the port number you want as shown in Figure 1.

Figure 1: ASP.NET website Web tab

The current configuration is enough to start creating the client application to authenticate and authorize users.

« (Page 1)

View Entire Article

(Page 3) »

User Comments

Title: Continuing last comment
Name: Krishna Vedula
Date: 2010-04-04 7:22:11 PM
Comment:
Hello Bilal

Looks like there is a limit on the length of the comment. So, here are my details

Krishna Vedula
krishna@ntc-us.com

Title: How to pass the user context back to server
Name: Krishna J Vedul
Date: 2010-04-04 7:21:12 PM
Comment:
Hello Bilal,

Great Series of articles going in depth in to each of the security topics. I found this very helpful. This helped me get a general direction for the project I am working on currently. However, I have come across a road-block in all articles related to Client Application Services across many sites and was not able to get much help in that regard.

What I am trying exactly is to have the same Authentication framework for my Web front-end as well as the Web interface. With Client Application Services, I am able to get that as explained by you clearly. I also get the roles of the user, so I control what to show and what not to show. Great so far.

I am going to the next level, where my Desktop application is connecting back to the same server (that server the authentication as well as web-content) to get some data. Here I have created some facades (aspx) to parse the request data and send the response as XML. I am able to use the same business objects with some custom aspx files for xml transformation. But, I am getting an error in the business layer if I put any security role restrictions.

How do I pass the Thread.CurrentPrincipal.Identity which has all the roles back to through the web request so that the security framework on the server would not throw any execptions.

a) Code I am using to create a request on the client is

HttpWebRequest req = (HttpWebRequest)WebRequest.Create(@"http://localhost:55555/AppServices/GetAdminData.aspx");
req.Method = WebRequestMethods.Http.Post;

b) Security Permissions on the server are like

[PrincipalPermissionAttribute(SecurityAction.Demand, Role="admin")]
public void ProcessRequest()
{

If I could pass all the cookies that come from user authentication back to server as part of the request, then I woudl get over the problem. But with Membership.ValidateUser I do not get any cookies. Then how do I pass them?

The SaveUserSettings seems to send the user

Title: Good Article
Name: Adron
Date: 2008-10-20 12:07:25 AM
Comment:
Good write up. I'm working through multiple scenarios right now with this, so it is interesting to read and helpful.

Thx.